[clug] Server-side scripting

Bryan Kilgallin kilgallin at iinet.net.au
Mon Jan 14 08:47:05 UTC 2019


Dear George:

> Personally I would steer clear of creating web sites that allow user
> input as it can make your web site insecure. Keep your web site simple
> and effective.

I had thought of just collecting visitation statistics.

> 1) Text files can be an effective way to maintain data in place of a
> database, as long as your data needs are kept simple. PHP is good at
> using text files.  Text files are fast and work well when your data
> is not complex. However from a few quick Internet searches, it seems
> to be a lost art.

Yes, that would work. I hadn't thought of this!

> 2) Please do not upload web site files to the internet without having
> first tested them locally to be working and bug free. A common
> practice is to set up a test environment on your local PC using LAMP
> or WAMP setups. For people who are using Windows on their desktop, it is
> common to install WAMP (Windows, Apache, MySQL, PHP) on their computer
> to provide a development environment for testing and ensuring their
> code is working before uploading to the internet.

I can check here with PHP 7.2. Ubuntu Apache server is also installed!

> 3) PHP and databases are often used by web site developers for user
> input for web page redirection, or returning specific data. With all
> user input there is a danger that hackers can craft user input that
> can run code on your server to gain control of the server. Appropriate
> Data Validation is a must. I have personally seen web sites hacked due
> to poor data validation of web site input which is then used for MySQL
> queries.

I have bookmarked your recommended reading.

Thanks,
Bryan.

-- 
members.iinet.net.au/~kilgallin/
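
Added example, not part of the original message: a visit counter kept in a text file, as discussed in points 1 and 3 of the thread, with the visitor-influenced value validated before it is stored. The file name, the page allow-list and the "page" parameter are assumptions made for illustration.

```php
<?php
// Added example: per-page visit counter kept in a tab-separated text file.
// Assumptions (not from the thread): file name, page names, "page" parameter.
declare(strict_types=1);
const ALLOWED_PAGES = ['home', 'about', 'contact'];   // hypothetical page names

function record_visit(string $statsFile, string $page): array
{
    // Validate against an allow-list so visitor input never reaches the file as-is.
    if (!in_array($page, ALLOWED_PAGES, true)) {
        throw new InvalidArgumentException('unknown page');
    }
    $fh = fopen($statsFile, 'c+');          // create if missing, do not truncate
    if ($fh === false) {
        throw new RuntimeException('cannot open stats file');
    }
    try {
        if (!flock($fh, LOCK_EX)) {         // serialise concurrent requests
            throw new RuntimeException('cannot lock stats file');
        }
        $counts = [];
        while (($line = fgets($fh)) !== false) {
            $parts = explode("\t", rtrim($line, "\r\n"));
            // Ignore lines that are malformed or name a page we do not know.
            if (count($parts) === 2 && in_array($parts[0], ALLOWED_PAGES, true)
                && ctype_digit($parts[1])) {
                $counts[$parts[0]] = (int) $parts[1];
            }
        }
        $counts[$page] = ($counts[$page] ?? 0) + 1;
        ftruncate($fh, 0);                  // rewrite the whole file under the lock
        rewind($fh);
        foreach ($counts as $name => $n) {
            fwrite($fh, $name . "\t" . $n . "\n");
        }
        fflush($fh);
        return $counts;
    } finally {
        flock($fh, LOCK_UN);
        fclose($fh);
    }
}

// Constructed demo: on a real page the value would come from $_GET['page'].
$file = sys_get_temp_dir() . '/visits-demo.tsv';
@unlink($file);                             // start the demo from an empty file
foreach (['home', 'about', 'home'] as $p) {
    $counts = record_visit($file, $p);
}
print_r($counts);
```

On a live site the statistics file belongs outside the web server's document root, so that visitors cannot download it directly.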


