February 2013
Intermediate to advanced
538 pages
20h 55m
English
Content preview from Programming PHP, 3rd EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
File Access
If only you and people you trust can log in to your web server, you don’t need to worry about file permissions for files used by or created by your PHP programs. However, most websites are hosted on ISP’s machines, and there’s a risk that nontrusted people can read files that your PHP program creates. There are a number of techniques that you can use to deal with file permissions issues.
Restrict Filesystem Access to a Specific Directory
You can set the open_basedir option to restrict access from
your PHP scripts to a specific directory. If open_basedir is set in your php.ini, PHP limits filesystem and I/O
functions so that they can operate only within that directory or any of
its subdirectories. For example:
open_basedir = /some/path
With this configuration in effect, the following function calls succeed:
unlink("/some/path/unwanted.exe");include("/some/path/less/travelled.inc");
But these generate runtime errors:
$fp=fopen("/some/other/file.exe",'r');$dp=opendir("/some/path/../other/file.exe");
Of course, one web server can run many applications, and each
application typically stores files in its own directory. You can
configure open_basedir on a
per-virtual host basis in your httpd.conf file like this:
<VirtualHost 1.2.3.4> ServerName domainA.com DocumentRoot /web/sites/domainA php_admin_value open_basedir /web/sites/domainA </VirtualHost>
Similarly, you can configure it per directory or per URL in httpd.conf:
# by directory <Directory /home/httpd/html/app1> php_admin_value ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.