book

PHP Cookbook, 3rd Edition

by David Sklar, Adam Trachtenberg

July 2014

Intermediate to advanced

820 pages

17h 6m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
Who This Book Is ForWhat Is in This BookOther ResourcesConventions Used in This BookComments and QuestionsAcknowledgments
1. Strings
IntroductionAccessing SubstringsExtracting SubstringsReplacing SubstringsProcessing a String One Byte at a TimeReversing a String by Word or ByteGenerating a Random StringExpanding and Compressing TabsControlling CaseInterpolating Functions and Expressions Within StringsTrimming Blanks from a StringGenerating Comma-Separated DataParsing Comma-Separated DataGenerating Fixed-Width Field Data RecordsParsing Fixed-Width Field Data RecordsTaking Strings ApartWrapping Text at a Certain Line LengthStoring Binary Data in StringsProgram: Downloadable CSV File
2. Numbers
IntroductionChecking Whether a Variable Contains a Valid NumberComparing Floating-Point NumbersRounding Floating-Point NumbersOperating on a Series of IntegersGenerating Random Numbers Within a RangeGenerating Predictable Random NumbersGenerating Biased Random NumbersTaking LogarithmsCalculating ExponentsFormatting NumbersFormatting Monetary ValuesPrinting Correct PluralsCalculating Trigonometric FunctionsDoing Trigonometry in Degrees, Not RadiansHandling Very Large or Very Small NumbersConverting Between BasesCalculating Using Numbers in Bases Other Than DecimalFinding the Distance Between Two Places
3. Dates and Times
IntroductionFinding the Current Date and TimeConverting Time and Date Parts to an Epoch TimestampConverting an Epoch Timestamp to Time and Date PartsPrinting a Date or Time in a Specified FormatFinding the Difference of Two DatesFinding the Day in a Week, Month, or YearValidating a DateParsing Dates and Times from StringsAdding to or Subtracting from a DateCalculating Time with Time Zones and Daylight Saving TimeGenerating a High-Precision TimeGenerating Time RangesUsing Non-Gregorian CalendarsProgram: Calendar
4. Arrays
IntroductionSpecifying an Array Not Beginning at Element 0Storing Multiple Elements per Key in an ArrayInitializing an Array to a Range of IntegersIterating Through an ArrayDeleting Elements from an ArrayChanging Array SizeAppending One Array to AnotherTurning an Array into a StringPrinting an Array with CommasChecking if a Key Is in an ArrayChecking if an Element Is in an ArrayFinding the Position of a Value in an ArrayFinding Elements That Pass a Certain TestFinding the Largest or Smallest Valued Element in an ArrayReversing an ArraySorting an ArraySorting an Array by a Computable FieldSorting Multiple ArraysSorting an Array Using a Method Instead of a FunctionRandomizing an ArrayRemoving Duplicate Elements from an ArrayApplying a Function to Each Element in an ArrayFinding the Union, Intersection, or Difference of Two ArraysIterating Efficiently over Large or Expensive DatasetsAccessing an Object Using Array Syntax
5. Variables
IntroductionAvoiding == Versus = ConfusionEstablishing a Default ValueExchanging Values Without Using Temporary VariablesCreating a Dynamic Variable NamePersisting a Local Variable’s Value Across Function InvocationsSharing Variables Between ProcessesEncapsulating Complex Data Types in a StringDumping Variable Contents as Strings
6. Functions
IntroductionAccessing Function ParametersSetting Default Values for Function ParametersPassing Values by ReferenceUsing Named ParametersEnforcing Types of Function ArgumentsCreating Functions That Take a Variable Number of ArgumentsReturning Values by ReferenceReturning More Than One ValueSkipping Selected Return ValuesReturning FailureCalling Variable FunctionsAccessing a Global Variable Inside a FunctionCreating Dynamic Functions
7. Classes and Objects
IntroductionInstantiating ObjectsDefining Object ConstructorsDefining Object DestructorsImplementing Access ControlPreventing Changes to Classes and MethodsDefining Object StringificationRequiring Multiple Classes to Behave SimilarlyCreating Abstract Base ClassesAssigning Object ReferencesCloning ObjectsOverriding Property AccessesCalling Methods on an Object Returned by Another MethodAggregating ObjectsAccessing Overridden MethodsCreating Methods DynamicallyUsing Method PolymorphismDefining Class ConstantsDefining Static Properties and MethodsControlling Object SerializationIntrospecting ObjectsChecking If an Object Is an Instance of a Specific ClassAutoloading Class Files upon Object InstantiationInstantiating an Object DynamicallyProgram: whereis
8. Web Fundamentals
IntroductionSetting CookiesReading Cookie ValuesDeleting CookiesBuilding a Query StringReading the POST Request BodyUsing HTTP Basic or Digest AuthenticationUsing Cookie AuthenticationReading an HTTP HeaderWriting an HTTP HeaderSending a Specific HTTP Status CodeRedirecting to a Different LocationFlushing Output to the BrowserBuffering Output to the BrowserCompressing Web OutputReading Environment VariablesSetting Environment VariablesCommunicating Within ApacheRedirecting Mobile Browsers to a Mobile Optimized SiteProgram: Website Account (De)activatorProgram: Tiny WikiProgram: HTTP Range
9. Forms
IntroductionProcessing Form InputValidating Form Input: Required FieldsValidating Form Input: NumbersValidating Form Input: Email AddressesValidating Form Input: Drop-Down MenusValidating Form Input: Radio ButtonsValidating Form Input: CheckboxesValidating Form Input: Dates and TimesValidating Form Input: Credit CardsPreventing Cross-Site ScriptingProcessing Uploaded FilesWorking with Multipage FormsRedisplaying Forms with Inline Error MessagesGuarding Against Multiple Submissions of the Same FormPreventing Global Variable InjectionHandling Remote Variables with Periods in Their NamesUsing Form Elements with Multiple OptionsCreating Drop-Down Menus Based on the Current Date

10. Database Access
IntroductionUsing DBM DatabasesUsing an SQLite DatabaseConnecting to an SQL DatabaseQuerying an SQL DatabaseRetrieving Rows Without a LoopModifying Data in an SQL DatabaseRepeating Queries EfficientlyFinding the Number of Rows Returned by a QueryEscaping QuotesLogging Debugging Information and ErrorsCreating Unique IdentifiersBuilding Queries ProgrammaticallyMaking Paginated Links for a Series of RecordsCaching Queries and ResultsAccessing a Database Connection Anywhere in Your ProgramProgram: Storing a Threaded Message BoardUsing Redis
11. Sessions and Data Persistence
IntroductionUsing Session TrackingPreventing Session HijackingPreventing Session FixationStoring Sessons in MemcachedStoring Sessions in a DatabaseStoring Arbitrary Data in Shared MemoryCaching Calculated Results in Summary Tables
12. XML
IntroductionGenerating XML as a StringGenerating XML with DOMParsing Basic XML DocumentsParsing Complex XML DocumentsParsing Large XML DocumentsExtracting Information Using XPathTransforming XML with XSLTSetting XSLT Parameters from PHPCalling PHP Functions from XSLT StylesheetsValidating XML DocumentsHandling Content EncodingReading RSS and Atom FeedsWriting RSS FeedsWriting Atom Feeds
13. Web Automation
IntroductionMarking Up a Web PageCleaning Up Broken or Nonstandard HTMLExtracting Links from an HTML FileConverting Plain Text to HTMLConverting HTML to Plain TextRemoving HTML and PHP TagsResponding to an Ajax RequestIntegrating with JavaScriptProgram: Finding Stale LinksProgram: Finding Fresh Links
14. Consuming RESTful APIs
IntroductionFetching a URL with the GET MethodFetching a URL with the POST Method and Form DataFetching a URL with an Arbitrary Method and POST BodyFetching a URL with CookiesFetching a URL with Arbitrary HeadersFetching a URL with a TimeoutFetching an HTTPS URLDebugging the Raw HTTP ExchangeMaking an OAuth 1.0 RequestMaking an OAuth 2.0 Request
15. Serving RESTful APIs
IntroductionExposing and Routing to a ResourceExposing Clean Resource PathsExposing a Resource for ReadingCreating a ResourceEditing a ResourceDeleting a ResourceIndicating Errors and FailuresSupporting Multiple Formats
16. Internet Services
IntroductionSending MailSending MIME MailReading Mail with IMAP or POP3Getting and Putting Files with FTPLooking Up Addresses with LDAPUsing LDAP for User AuthenticationPerforming DNS LookupsChecking If a Host Is AliveGetting Information About a Domain Name
17. Graphics
IntroductionDrawing Lines, Rectangles, and PolygonsDrawing Arcs, Ellipses, and CirclesDrawing with Patterned LinesDrawing TextDrawing Centered TextBuilding Dynamic ImagesGetting and Setting a Transparent ColorOverlaying WatermarksCreating Thumbnail ImagesReading EXIF DataServing Images SecurelyProgram: Generating Bar Charts from Poll Results
18. Security and Encryption
IntroductionPreventing Session FixationProtecting Against Form SpoofingEnsuring Input Is FilteredAvoiding Cross-Site ScriptingEliminating SQL InjectionKeeping Passwords Out of Your Site FilesStoring PasswordsDealing with Lost PasswordsVerifying Data with HashesEncrypting and Decrypting DataStoring Encrypted Data in a File or DatabaseSharing Encrypted Data with Another WebsiteDetecting SSLEncrypting Email with GPG
19. Internationalization and Localization
IntroductionDetermining the User’s LocaleLocalizing Text MessagesLocalizing Dates and TimesLocalizing NumbersLocalizing Currency ValuesLocalizing ImagesLocalizing Included FilesSorting in a Locale-Aware OrderManaging Localization ResourcesSetting the Character Encoding of Outgoing DataSetting the Character Encoding of Incoming DataManipulating UTF-8 Text
20. Error Handling
IntroductionFinding and Fixing Parse ErrorsCreating Your Own Exception ClassesPrinting a Stack TraceReading Configuration VariablesSetting Configuration VariablesHiding Error Messages from UsersTuning Error HandlingUsing a Custom Error HandlerLogging ErrorsEliminating “headers already sent” ErrorsLogging Debugging Information
21. Software Engineering
IntroductionUsing a Debugger ExtensionWriting a Unit TestWriting a Unit Test SuiteApplying a Unit Test to a Web PageSetting Up a Test EnvironmentUsing the Built-in Web Server
22. Performance Tuning
IntroductionUsing an AcceleratorTiming Function ExecutionTiming Program Execution by FunctionTiming Program Execution by StatementTiming Program Execution by SectionProfiling with a Debugger ExtensionStress-Testing Your WebsiteAvoiding Regular Expressions
23. Regular Expressions
IntroductionSwitching from ereg to pregMatching WordsFinding the nth Occurrence of a MatchChoosing Greedy or Nongreedy MatchesFinding All Lines in a File That Match a PatternCapturing Text Inside HTML TagsPreventing Parentheses from Capturing TextEscaping Special Characters in a Regular ExpressionReading Records with a Pattern SeparatorUsing a PHP Function in a Regular Expression
24. Files
IntroductionCreating or Opening a Local FileCreating a Temporary FileOpening a Remote FileReading from Standard InputReading a File into a StringCounting Lines, Paragraphs, or Records in a FileProcessing Every Word in a FilePicking a Random Line from a FileRandomizing All Lines in a FileProcessing Variable-Length Text FieldsReading Configuration FilesModifying a File in Place Without a Temporary FileFlushing Output to a FileWriting to Standard OutputWriting to Many Filehandles SimultaneouslyEscaping Shell MetacharactersPassing Input to a ProgramReading Standard Output from a ProgramReading Standard Error from a ProgramLocking a FileReading and Writing Custom File TypesReading and Writing Compressed Files
25. Directories
IntroductionGetting and Setting File TimestampsGetting File InformationChanging File Permissions or OwnershipSplitting a Filename into Its Component PartsDeleting a FileCopying or Moving a FileProcessing All Files in a DirectoryGetting a List of Filenames Matching a PatternProcessing All Files in a Directory RecursivelyMaking New DirectoriesRemoving a Directory and Its ContentsProgram: Web Server Directory ListingProgram: Site Search
26. Command-Line PHP
IntroductionParsing Program ArgumentsParsing Program Arguments with getoptReading from the KeyboardRunning PHP Code on Every Line of an Input FileReading PasswordsColorizing Console OutputProgram: DOM Explorer
27. Packages
IntroductionDefining and Installing Composer DependenciesFinding Composer PackagesInstalling Composer PackagesUsing the PEAR InstallerFinding PEAR PackagesFinding Information About a PackageInstalling PEAR PackagesUpgrading PEAR PackagesUninstalling PEAR PackagesInstalling PECL Packages
Index
Colophon
Copyright

Content preview from PHP Cookbook, 3rd Edition

Chapter 18. Security and Encryption

Introduction

Web application security is an important topic that attracts attention from both the developers who create web applications and the attackers who try to exploit them. As a PHP developer, your applications are sure to be the target of many attacks, and you need to be prepared.

A large number of web application vulnerabilities are due to a misplaced trust in data provided by third parties. Such data is known as input, and it should be considered tainted until proven otherwise. If you display tainted data to your users, you create cross-site scripting (XSS) vulnerabilities. Avoiding Cross-Site Scripting explains how to avoid these by escaping your output. If you use tainted data in your SQL queries, you can create SQL injection vulnerabilities. Eliminating SQL Injection shows you how to eliminate these.

When using data provided by third parties, including the data provided by your users, it is important to first verify that it is valid. This process is known as filtering, and Ensuring Input Is Filtered shows you how to guarantee that all input is filtered.

Not all security problems can be solved by filtering input and escaping output. Session fixation, an attack discussed in Preventing Session Fixation, causes a victim to use a session identifier chosen by an attacker. Cross-site request forgeries, a type of attack discussed in Protecting Against Form Spoofing, cause a victim to send a request of an attacker’s choosing.

Closely related to ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781449363741Errata

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

PHP Cookbook, 3rd Edition

by David Sklar, Adam Trachtenberg

Chapter 18. Security and Encryption

Introduction

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.