book

Programming PHP, 4th Edition

by Kevin Tatroe, Peter MacIntyre

March 2020

Intermediate to advanced

542 pages

12h 22m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Foreword
Preface
AudienceAssumptions This Book MakesContents of This BookConventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgmentsKevin TatroePeter MacIntyre
1. Introduction to PHP
What Does PHP Do?A Brief History of PHPThe Evolution of PHPThe Widespread Use of PHPInstalling PHPA Walk Through PHPConfiguration PageFormsDatabasesGraphicsWhat’s Next
2. Language Basics
Lexical StructureCase SensitivityStatements and SemicolonsWhitespace and Line BreaksCommentsLiteralsIdentifiersKeywordsData TypesIntegersFloating-Point NumbersStringsBooleansArraysObjectsResourcesCallbacksNULLVariablesVariable VariablesVariable ReferencesVariable ScopeGarbage CollectionExpressions and OperatorsNumber of OperandsOperator PrecedenceOperator AssociativityImplicit CastingArithmetic OperatorsString Concatenation OperatorAuto-Increment and Auto-Decrement OperatorsComparison OperatorsBitwise OperatorsLogical OperatorsCasting OperatorsAssignment OperatorsMiscellaneous OperatorsFlow-Control Statementsif switchwhileforforeachtry...catchdeclareexit and returngotoIncluding CodeEmbedding PHP in Web PagesStandard (XML) StyleSGML StyleEchoing Content DirectlyWhat’s Next
3. Functions
Calling a FunctionDefining a FunctionVariable ScopeGlobal VariablesStatic VariablesFunction ParametersPassing Parameters by ValuePassing Parameters by ReferenceDefault ParametersVariable ParametersMissing ParametersType HintingReturn ValuesVariable FunctionsAnonymous FunctionsWhat’s Next
4. Strings
Quoting String ConstantsVariable InterpolationSingle-Quoted StringsDouble-Quoted StringsHere DocumentsPrinting Stringsechoprint()printf()print_r() and var_dump()Accessing Individual CharactersCleaning StringsRemoving WhitespaceChanging CaseEncoding and EscapingHTMLURLsSQLC-String EncodingComparing StringsExact ComparisonsApproximate EqualityManipulating and Searching StringsSubstringsMiscellaneous String FunctionsDecomposing a StringString-Searching FunctionsRegular ExpressionsThe BasicsCharacter ClassesAlternativesRepeating SequencesSubpatternsDelimitersMatch BehaviorCharacter ClassesAnchorsQuantifiers and GreedNoncapturing GroupsBackreferencesTrailing OptionsInline OptionsLookahead and LookbehindCutConditional ExpressionsFunctionsDifferences from Perl Regular ExpressionsWhat’s Next
5. Arrays
Indexed Versus Associative ArraysIdentifying Elements of an ArrayStoring Data in ArraysAppending Values to an ArrayAssigning a Range of ValuesGetting the Size of an ArrayPadding an ArrayMultidimensional ArraysExtracting Multiple ValuesSlicing an ArraySplitting an Array into ChunksKeys and ValuesChecking Whether an Element ExistsRemoving and Inserting Elements in an ArrayConverting Between Arrays and VariablesCreating Variables from an ArrayCreating an Array from VariablesTraversing ArraysThe foreach ConstructThe Iterator FunctionsUsing a for LoopCalling a Function for Each Array ElementReducing an ArraySearching for ValuesSortingSorting One Array at a TimeNatural-Order SortingSorting Multiple Arrays at OnceReversing ArraysRandomizing OrderActing on Entire ArraysCalculating the Sum of an ArrayMerging Two ArraysCalculating the Difference Between Two ArraysFiltering Elements from an ArrayUsing Arrays to Implement Data TypesSetsStacksImplementing the Iterator InterfaceWhat’s Next
6. Objects
ObjectsTerminologyCreating an ObjectAccessing Properties and MethodsDeclaring a ClassDeclaring MethodsDeclaring PropertiesDeclaring ConstantsInheritanceInterfacesTraitsAbstract MethodsConstructorsDestructorsAnonymous ClassesIntrospectionExamining ClassesExamining an ObjectSample Introspection ProgramSerializationWhat’s Next
7. Dates and Times
What’s Next
8. Web Techniques
HTTP BasicsVariablesServer InformationProcessing FormsMethodsParametersSelf-Processing PagesSticky FormsMultivalued ParametersSticky Multivalued ParametersFile UploadsForm ValidationSetting Response HeadersDifferent Content TypesRedirectionsExpirationAuthenticationMaintaining StateCookiesSessionsCombining Cookies and SessionsSSLWhat’s Next

9. Databases
Using PHP to Access a DatabaseRelational Databases and SQLPHP Data ObjectsMySQLi Object InterfaceRetrieving Data for DisplaySQLiteDirect File-Level ManipulationMongoDBRetrieving DataInserting More Complex DataWhat’s Next
10. Graphics
Embedding an Image in a PageBasic Graphics ConceptsCreating and Drawing ImagesThe Structure of a Graphics ProgramChanging the Output FormatTesting for Supported Image FormatsReading an Existing FileBasic Drawing FunctionsImages with TextFontsTrueType FontsDynamically Generated ButtonsCaching the Dynamically Generated ButtonsA Faster CacheScaling ImagesColor HandlingUsing the Alpha ChannelIdentifying ColorsTrue Color IndexesText Representation of an ImageWhat’s Next
11. PDF
PDF ExtensionsDocuments and PagesA Simple ExampleInitializing the DocumentOutputting Basic Text CellsTextCoordinatesText AttributesPage Headers, Footers, and Class ExtensionImages and LinksTables and DataWhat’s Next
12. XML
Lightning Guide to XMLGenerating XMLParsing XMLElement HandlersCharacter Data HandlerProcessing InstructionsEntity HandlersDefault HandlerOptionsUsing the ParserErrorsMethods as HandlersSample Parsing ApplicationParsing XML with the DOMParsing XML with SimpleXMLTransforming XML with XSLTWhat’s Next
13. JSON
Using JSONSerializing PHP ObjectsOptionsWhat’s Next
14. Security
SafeguardsFiltering InputEscaping Output DataSecurity VulnerabilitiesCross-Site ScriptingSQL InjectionFilename VulnerabilitiesSession FixationFile Upload TrapsUnauthorized File AccessPHP Code IssuesShell Command WeaknessesData Encryption ConcernsFurther ResourcesSecurity RecapWhat’s Next
15. Application Techniques
Code LibrariesTemplating SystemsHandling OutputOutput BufferingOutput CompressionPerformance TuningBenchmarkingProfilingOptimizing Execution TimeOptimizing Memory RequirementsReverse Proxies and ReplicationWhat’s Next
16. Web Services
REST ClientsResponsesRetrieving ResourcesUpdating ResourcesCreating ResourcesDeleting ResourcesXML-RPCServersClientsWhat’s Next
17. Debugging PHP
The Development EnvironmentThe Staging EnvironmentThe Production Environmentphp.ini SettingsError HandlingError ReportingExceptionsError SuppressionTriggering ErrorsDefining Error HandlersManual DebuggingError LogsIDE DebuggingAdditional Debugging TechniquesWhat’s Next
18. PHP on Disparate Platforms
Writing Portable Code for Windows and UnixDetermining the PlatformHandling Paths Across PlatformsNavigating the Server EnvironmentSending MailEnd-of-Line HandlingEnd-of-File HandlingUsing External CommandsAccessing Platform-Specific ExtensionsInterfacing with COMBackgroundPHP FunctionsAPI Specifications
Function Reference
PHP Functions by CategoryArraysClasses and ObjectsData FilteringDate and TimeDirectoriesErrors and LoggingFilesystemFunctionsMailMathMiscellaneous FunctionsNetworkOutput BufferingPHP Language TokenizerPHP Options/InfoProgram ExecutionSession HandlingStreamsStringsURLsVariablesZlibAlphabetical Listing of PHP Functions
Index

Content preview from Programming PHP, 4th Edition

Chapter 14. Security

PHP is a flexible language with hooks into just about every API offered on the machines on which it runs. Because it was designed to be a forms-processing language for HTML pages, PHP makes it easy to use form data sent to a script. Convenience is a double-edged sword, however. The very features that allow you to quickly write programs in PHP can open doors for those who would break into your systems.

PHP itself is neither secure nor insecure. The security of your web applications is entirely determined by the code you write. For example, if a script opens a file whose name is passed to the script as a form parameter, that script could be given a remote URL, an absolute pathname, or even a relative path, allowing it to open a file outside the site’s document root. This could expose your password file or other sensitive information.

Web application security is still a relatively young and evolving discipline. A single chapter on security cannot sufficiently prepare you for the onslaught of attacks your applications are sure to receive. This chapter takes a pragmatic approach and covers a distilled selection of topics related to security, including how to protect your applications from the most common and dangerous attacks. The chapter concludes with a list of further resources as well as a brief recap with a few additional tips.

Safeguards

One of the most fundamental things you need to understand when developing a secure site is that all information not generated ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781492054122Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Programming PHP, 4th Edition

by Kevin Tatroe, Peter MacIntyre

Chapter 14. Security

Safeguards

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.