[clug] Server-side scripting

George at Clug Clug at goproject.info
Sun Jan 13 20:24:40 UTC 2019


Brian,


Personally I would steer clear of creating web sites that allow user
input as it can make your web site insecure. Keep your web site simple
and effective. However...



1) Text files can be an effective way to maintain data in place of a
database, as long as your data needs are kept simple. PHP is good at
using text files.  Text files are fast and work well when your data
is not complex. However, from a few quick Internet searches, it seems
to be a lost art.



2) Please do not upload web site files to the internet without having
first tested them locally to be working and bug free. A common
practice is to set up a test environment on your local PC using LAMP
or WAMP setups. For people using Windows on their desktop, it is
common to install WAMP (Windows, Apache, MySQL, PHP) on their computer
to provide a development environment for testing and ensuring their
code is working before uploading to the internet. 
https://www.sitepoint.com/performant-reading-big-files-php/



Linux users can simply install these packages on their own computer to
install a LAMP (Linux, Apache, MariaDB, PHP) stack.
https://www.tecmint.com/install-lamp-in-ubuntu-15-10/
LAMP stack is the combination of the most frequently used software
packages to build dynamic websites. LAMP is an abbreviation that
uses the first letter of each of the packages included in it: Linux,
Apache, MariaDB, PHP.


3) PHP and databases are often used by web site developers for user
input for web page redirection, or returning specific data. With all
user input there is a danger that hackers can craft user input that
can run code on your server to gain control of the server. Appropriate
Data Validation is a must. I have personally seen web sites hacked due
to poor data validation of web site input which is then used for MySQL
queries.

http://www.devshed.com/c/a/php/advanced-php-form-input-validation-to-check-user-inputs/
PHP form input validation is what separates amateur and professional
PHP developers. A professional PHP developer validates data for both
security and correctness of the data entered. Keep reading to learn
how to validate user input to your forms.
https://www.cloudways.com/blog/custom-php-mysql-contact-form/


https://phpsecurity.readthedocs.io/en/latest/Input-Validation.html
Input Validation is the outer defensive perimeter for your web
application. This perimeter protects the core business logic,
processing and output generation. Beyond the perimeter is everything
considered potential enemy territory which is...literally everything
other than the literal code executed by the current request.
 [1]
https://medium.com/@RabbiGreenberg/php-101-basic-form-validation-c2881d99ce33
Form validation is an essential part of web development. Rule #1 in
web development is never trust the user. Now that is not to say that
every user your project encounters is looking to commit a malicious
act. 


George.
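
An added example (not from the original message or from any site it links to) of the validation point 3 calls for on input that ends up in a database query: an allowlist check followed by a bound parameter, shown next to the string-concatenated form. It assumes PHP 7.1 or later with the PDO SQLite driver; the in-memory SQLite database stands in for MySQL, and the table, function names and inputs are constructed for illustration.

```php
<?php
// Added example: constructed schema and inputs; in-memory SQLite stands in for MySQL.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$db->exec("INSERT INTO members (name, email) VALUES
           ('alice', 'alice@example.org'), ('bob', 'bob@example.org')");

// Validation: an allowlist of what a member name may look like.
function validate_name($raw): ?string
{
    if (!is_string($raw)) {
        return null;                       // e.g. name[]=... arrives as an array
    }
    $name = trim($raw);
    return preg_match('/\A[a-z][a-z0-9_]{1,30}\z/', $name) === 1 ? $name : null;
}

// Weak: input is concatenated into the SQL text, so quotes in it alter the query.
function find_member_weak(PDO $db, string $raw): array
{
    return $db->query("SELECT name, email FROM members WHERE name = '$raw'")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: validate first, then pass the value as a bound parameter.
function find_member(PDO $db, $raw): array
{
    $name = validate_name($raw);
    if ($name === null) {
        return [];                         // reject instead of trying to clean up
    }
    $stmt = $db->prepare('SELECT name, email FROM members WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample inputs: a normal name, a quote-bearing string, an array.
foreach (['alice', "x' OR '1'='1", ['alice']] as $raw) {
    $label = is_string($raw) ? $raw : 'array input';
    if (is_string($raw)) {
        printf("weak     %-16s -> %d row(s)\n", $label, count(find_member_weak($db, $raw)));
    }
    printf("hardened %-16s -> %d row(s)\n", $label, count(find_member($db, $raw)));
}
```

Run it with the PHP command-line interpreter on a local LAMP or WAMP test setup and compare the row counts each function returns for the same input.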




On Monday, 14-01-2019 at 06:32 Bryan Kilgallin via linux wrote:


Neill wrote:

{I note that iiNet are offering you a very old version of PHP.  The 
current stable release is 7.3.0 according to Wikipedia.

https://en.m.wikipedia.org/wiki/PHP}

Citing my message.

{
> And iiNet's personal website FAQ says this.
> {What server-side scripting options does iiNet have?
>
>      Perl 5.8 (for CGI scripting). File extension is .cgi or .pl
>      PHP 4.3.10 (For standalone PHP scripts). File extension is .php
>      SSI. File extension is .shtml}
}

Whereas I have been studying PHP 5 on-line.
https://www.w3schools.com/php/default.asp

And I have begun reading a book on PHP 7.
https://ineasysteps.com/products-page/all_books/php-7-in-easy-steps/

I gather that PHP 4.3.10 has limited object-oriented support. And that
it has security issues!
https://en.wikipedia.org/wiki/PHP#PHP_3_and_4

So say chapter 7 "Building Classes", may not be much use to me! I have
installed PHP 7.2 on my PC. Then I expect many errors once I install a
PHP file on iiNet's server.

-- 
members.iinet.net.au/~kilgallin/

-- 
linux mailing list
linux at lists.samba.org
https://lists.samba.org/mailman/listinfo/linux



Links:
------
[1]
https://medium.com/@RabbiGreenberg/php-101-basic-form-validation-c2881d99ce33

