book

PHP Cookbook

by Eric A. Mann

May 2023

Intermediate to advanced

431 pages

8h 55m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Who This Book Is ForNavigating This BookConventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgments
1.1. Defining Constants1.2. Creating Variable Variables1.3. Swapping Variables in Place
2.1. Using a Ternary Operator Instead of an If-Else Block2.2. Coalescing Potentially Null Values2.3. Comparing Identical Values2.4. Using the Spaceship Operator to Sort Values2.5. Suppressing Diagnostic Errors with an Operator2.6. Comparing Bits Within Integers
3.1. Accessing Function Parameters3.2. Setting a Function’s Default Parameters3.3. Using Named Function Parameters3.4. Enforcing Function Argument and Return Typing3.5. Defining a Function with a Variable Number of Arguments3.6. Returning More Than One Value3.7. Accessing Global Variables from Within a Function3.8. Managing State Within a Function Across Multiple Invocations3.9. Defining Dynamic Functions3.10. Passing Functions as Parameters to Other Functions3.11. Using Concise Function Definitions (Arrow Functions)3.12. Creating a Function with No Return Value3.13. Creating a Function That Does Not Return
4.1. Accessing Substrings Within a Larger String4.2. Extracting One String from Within Another4.3. Replacing Part of a String4.4. Processing a String One Byte at a Time4.5. Generating Random Strings4.6. Interpolating Variables Within a String4.7. Concatenating Multiple Strings Together4.8. Managing Binary Data Stored in Strings
5.1. Validating a Number Within a Variable5.2. Comparing Floating-Point Numbers5.3. Rounding Floating-Point Numbers5.4. Generating Truly Random Numbers5.5. Generating Predictable Random Numbers5.6. Generating Weighted Random Numbers5.7. Calculating Logarithms5.8. Calculating Exponents5.9. Formatting Numbers as Strings5.10. Handling Very Large or Very Small Numbers5.11. Converting Numbers Between Numerical Bases
6.1. Finding the Current Date and Time6.2. Formatting Dates and Times6.3. Converting Dates and Times to Unix Timestamps6.4. Converting from Unix Timestamps to Date and Time Parts6.5. Computing the Difference Between Two Dates6.6. Parsing Dates and Times from Arbitrary Strings6.7. Validating a Date6.8. Adding to or Subtracting from a Date6.9. Calculating Times Across Time Zones
7.1. Associating Multiple Elements per Key in an Array7.2. Initializing an Array with a Range of Numbers7.3. Iterating Through Items in an Array7.4. Deleting Elements from Associative and Numeric Arrays7.5. Changing the Size of an Array7.6. Appending One Array to Another7.7. Creating an Array from a Fragment of an Existing Array7.8. Converting Between Arrays and Strings7.9. Reversing an Array7.10. Sorting an Array7.11. Sorting an Array Based on a Function7.12. Randomizing the Elements in an Array7.13. Applying a Function to Every Element of an Array7.14. Reducing an Array to a Single Value7.15. Iterating over Infinite or Very Large/Expensive Arrays
8.1. Instantiating Objects from Custom Classes8.2. Constructing Objects to Define Defaults8.3. Defining Read-Only Properties in a Class8.4. Deconstructing Objects to Clean Up After the Object Is No Longer Needed8.5. Using Magic Methods to Provide Dynamic Properties8.6. Extending Classes to Define Additional Functionality8.7. Forcing Classes to Exhibit Specific Behavior8.8. Creating Abstract Base Classes8.9. Preventing Changes to Classes and Methods8.10. Cloning Objects8.11. Defining Static Properties and Methods8.12. Introspecting Private Properties or Methods Within an Object8.13. Reusing Arbitrary Code Between Classes
9.1. Filtering, Validating, and Sanitizing User Input9.2. Keeping Sensitive Credentials Out of Application Code9.3. Hashing and Validating Passwords9.4. Encrypting and Decrypting Data9.5. Storing Encrypted Data in a File9.6. Cryptographically Signing a Message to Be Sent to Another Application9.7. Verifying a Cryptographic Signature

10.1. Creating or Opening a Local File10.2. Reading a File into a String10.3. Reading a Specific Slice of a File10.4. Modifying a File in Place10.5. Writing to Many Files Simultaneously10.6. Locking a File to Prevent Access or Modification by Another Process
11.1. Streaming Data to/from a Temporary File11.2. Reading from the PHP Input Stream11.3. Writing to the PHP Output Stream11.4. Reading from One Stream and Writing to Another11.5. Composing Different Stream Handlers Together11.6. Writing a Custom Stream Wrapper
12.1. Finding and Fixing Parse Errors12.2. Creating and Handling Custom Exceptions12.3. Hiding Error Messages from End Users12.4. Using a Custom Error Handler12.5. Logging Errors to an External Stream
13.1. Using a Debugger Extension13.2. Writing a Unit Test13.3. Automating Unit Tests13.4. Using Static Code Analysis13.5. Logging Debugging Information13.6. Dumping Variable Contents as Strings13.7. Using the Built-in Web Server to Quickly Run an Application13.8. Using Unit Tests to Detect Regressions in a Version-Controlled Project with git-bisect
14.1. Timing Function Execution14.2. Benchmarking the Performance of an Application14.3. Accelerating an Application with an Opcode Cache
15.1. Defining a Composer Project15.2. Finding Composer Packages15.3. Installing and Updating Composer Packages15.4. Installing Native PHP Extensions
16.1. Relational Databases16.2. Key-Value Stores16.3. Graph Databases16.4. Document Databases16.5. Connecting to an SQLite Database16.6. Using PDO to Connect to an External Database Provider16.7. Sanitizing User Input for a Database Query16.8. Mocking Data for Integration Testing with a Database16.9. Querying an SQL Database with the Eloquent ORM
17.1. Fetching Data from Remote APIs Asynchronously17.2. Waiting on the Results of Multiple Asynchronous Operations17.3. Interrupting One Operation to Run Another17.4. Running Code in a Separate Thread17.5. Sending and Receiving Messages Between Separate Threads17.6. Using a Fiber to Manage the Contents from a Stream
18.1. Parsing Program Arguments18.2. Reading Interactive User Input18.3. Colorizing Console Output18.4. Creating a Command-Line Application with Symfony Console18.5. Using PHP’s Native Read-Eval-Print-Loop

Content preview from PHP Cookbook

Chapter 9. Security and Encryption

PHP is a remarkably easy-to-use language because of the forgiving nature of the runtime. Even when you make a mistake, PHP will try to infer what you meant to do and, often, keep executing your program just fine. Unfortunately, this strength is also seen by some developers as a key weakness. By being forgiving, PHP allows for a sheer amount of “bad” code to continue functioning as if it were correct.

Worse still, much of this “bad” code finds its way into tutorials, leading developers to copy and paste it into their own projects and perpetuate the cycle. This forgiving runtime and long history of PHP have led to the perception that PHP itself is insecure. In reality, it’s easy to use any programming language insecurely.

Natively, PHP supports the ability to quickly and easily filter malicious input and sanitize user data. In a web context, this utility is critical to keeping user information safe from malicious inputs or attacks. PHP also exposes well-defined functions for both securely hashing and securely validating passwords during authentication.

Note

PHP’s default password hashing and validation functions both leverage secure hashing algorithms and constant-time, secure implementations. This protects your application against niche attacks like those using timing information in an attempt to extract information. Attempting to implement hashing (or validation) yourself would likely expose your application to risks for which PHP has already ...