[clug] Server-side scripting

George at Clug Clug at goproject.info
Mon Jan 14 00:35:46 UTC 2019


Also see https://validator.w3.org/

On Monday, 14-01-2019 at 10:26 jhock at iinet.net.au wrote:


I would strongly suggest that you validate your HTML against its DTD.
The Web page may look okay but so many developers don't validate and
so the Web pages don't present properly on obscure web browsers and
applications that interpret the HTML for other output, such as,
text-to-speech for the blind. Very, very annoying to hear or see when
the HTML is invalid.

My 2c worth.

John. 

On 14 January 2019 07:24:40 GMT+11:00, George at Clug via linux wrote:
>Brian,
>
>
>Personally I would steer clear of creating web sites that allow user
>input as it can make your web site insecure. Keep your web site simple
>and effective. However...
>
>
>
>1) Text files can be an effective way to maintain data in place of a
>database, as long as your data needs are kept simple. PHP is good at
>using text files.  Text files are fast and work well when your data
>is not complex. However from a few quick Internet searches, it seems
>to be a lost art.
>
>
>
>2) Please do not upload web site files to the internet without having
>first tested them locally to be working and bug free. A common
>practice is to set up a test environment on your local PC using LAMP
>or WAMP setups. For people using Windows on their desktop, it is
>common to install WAMP (Windows, Apache, MySQL, PHP) on their computer
>to provide a development environment for testing and ensuring their
>code is working before uploading to the internet.
>https://www.sitepoint.com/performant-reading-big-files-php/
>
>
>
>Linux users can simply install these packages on their own computer to
>install a LAMP (Linux, Apache, MariaDB, PHP).
>https://www.tecmint.com/install-lamp-in-ubuntu-15-10/
>LAMP stack is the combination of the most frequently used software
>packages to build dynamic websites. LAMP is an abbreviation that
>uses the first letter of each of the packages included in it: Linux,
>Apache, MariaDB, PHP.
>
>
>3) PHP and databases are often used by web site developers for user
>input for web page redirection, or returning specific data. With all
>user input there is a danger that hackers can craft user input that
>can run code on your server to gain control of the server. Appropriate
>Data Validation is a must. I have personally seen web sites hacked due
>to poor data validation of web site input which is then used for MySQL
>queries.
>
>http://www.devshed.com/c/a/php/advanced-php-form-input-validation-to-check-user-inputs/
>PHP form input validation is what separates amateur and professional
>PHP developers. A professional PHP developer validates data for both
>security and correctness of the data entered. Keep reading to learn
>how to validate user input to your forms.
>https://www.cloudways.com/blog/custom-php-mysql-contact-form/
>
>
>https://phpsecurity.readthedocs.io/en/latest/Input-Validation.html
>Input Validation is the outer defensive perimeter for your web
>application. This perimeter protects the core business logic,
>processing and output generation. Beyond the perimeter is everything
>considered potential enemy territory which is...literally everything
>other than the literal code executed by the current request.
> [1]
>https://medium.com/@RabbiGreenberg/php-101-basic-form-validation-c2881d99ce33
>Form validation is an essential part of web development. Rule #1 in
>web development is never trust the user. Now that is not to say that
>every user your project encounters is looking to commit a malicious
>act. 
>
>
>George.
>
>
>
>
>On Monday, 14-01-2019 at 06:32 Bryan Kilgallin via linux wrote:
>
>
>Neill wrote:
>
>{I note that iiNet are offering you a very old version of PHP.  The
>current stable release is 7.3.0 according to Wikipedia.
>
>https://en.m.wikipedia.org/wiki/PHP}
>
>Citing my message.
>
>{
>> And iiNet's personal website FAQ says this.
>> {What server-side scripting options does iiNet have?
>>
>>      Perl 5.8 (for CGI scripting). File extension is .cgi or .pl
>>      PHP 4.3.10 (For standalone PHP scripts). File extension is .php
>>      SSI. File extension is .shtml}
>}
>
>Whereas I have been studying PHP 5 on-line.
>https://www.w3schools.com/php/default.asp
>
>And I have begun reading a book on PHP 7.
>https://ineasysteps.com/products-page/all_books/php-7-in-easy-steps/
>
>I gather that PHP 4.3.10 has limited object-oriented support. And that
>it has security issues!
>https://en.wikipedia.org/wiki/PHP#PHP_3_and_4
>
>So say chapter 7 "Building Classes", may not be much use to me! I have
>installed PHP 7.2 on my PC. Then I expect many errors once I install a
>PHP file on iiNet's server.
>
>-- 
>members.iinet.net.au/~kilgallin/
>
>-- 
>linux mailing list
>linux at lists.samba.org
>https://lists.samba.org/mailman/listinfo/linux
>
>
>
>Links:
>------
>[1]
>https://medium.com/@RabbiGreenberg/php-101-basic-form-validation-c2881d99ce33
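
Added example, not part of the original messages or of any project mentioned in them: allow-list validation of form input before it is appended to a flat text file, tying together the text-file storage and data-validation points raised above. The field names, limits, file name and sample submissions are constructed for illustration, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+ (a local PHP 7.2
// install qualifies); filter_var() does not exist on PHP 4.3.10.

// Allow-list validation: returns [cleaned fields, names of fields that failed].
function validate_entry(array $in): array
{
    $name  = is_string($in['name'] ?? null) ? trim($in['name']) : '';
    $email = is_string($in['email'] ?? null) ? trim($in['email']) : '';
    $errors = [];
    // A letter first, then letters, spaces, apostrophes, hyphens; 60 chars max.
    // Newlines, commas and double quotes never reach the data file.
    if (!preg_match('/\A\p{L}[\p{L} \'-]{0,59}\z/u', $name)) {
        $errors[] = 'name';
    }
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    $age = filter_var($in['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 120]]);
    if ($age === false) {
        $errors[] = 'age';
    }
    return [['name' => $name, 'email' => $email, 'age' => $age], $errors];
}

// Append one record under an exclusive lock so concurrent requests cannot interleave.
function append_entry(string $file, array $row): bool
{
    $fh = fopen($file, 'ab');
    if ($fh === false) { return false; }
    if (!flock($fh, LOCK_EX)) { fclose($fh); return false; }
    $ok = fputcsv($fh, array_values($row), ',', '"', '\\') !== false;
    flock($fh, LOCK_UN);
    fclose($fh);
    return $ok;
}

// Constructed submissions standing in for $_POST.
$samples = [
    ['name' => 'Ada Lovelace', 'email' => 'ada@example.org', 'age' => '36'],
    ['name' => "Eve\nMallory,m@example.org,1", 'email' => 'eve@example.org', 'age' => '30'],
    ['name' => 'Bob', 'email' => 'not-an-email', 'age' => '-5'],
];
$file = sys_get_temp_dir() . '/guestbook-demo.csv'; // on a real host: outside the web root
foreach ($samples as $post) {
    [$clean, $errors] = validate_entry($post);
    if ($errors) { echo 'rejected: ' . implode(', ', $errors) . PHP_EOL; continue; }
    echo (append_entry($file, $clean) ? 'stored: ' . $clean['name'] : 'write failed') . PHP_EOL;
}
```

The second sample shows why validation matters even without a database: an embedded newline in a field would otherwise put attacker-chosen text on a line of its own in the data file.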

