Basic web development in php

A presentation with an accompanying example app to help beginners start building basic web applications. The example does not need a web or database server but can be used to display a web page and save data. Basic tenets for protecting a PHP web application from HTML injection, cross-site scripting, and SQL injection are covered in the slides and the example. The accompanying example application is highly commented to help with understanding why certain actions are taken.


Transcript

  • 1. Build better code
  • 2. Who Am I? Adam Englander, adamenglander@yahoo.com, @adam_englander, http://adamknowsstuff.com, https://github.com/derptest
      • DirectEdge Brands Director of Software Development
      • Coupla CTO
      • Founder/Organizer of Las Vegas PHP Users Group
      • Co-Organizer of Las Vegas Developers Users Group
      • #VegasTech Enthusiast
    http://www.slideshare.net/AdamEnglander/basic-web-development-in-php
  • 3. Overview. In this presentation you will learn how to build a web page that does the following:
      • Interacts with the user via HTML forms
      • Stores data in a database
      • Displays data stored in a database
      • Handles errors properly
      • Prevents injection attacks
      • Runs without installing a web server
  • 4. Interacting with users via forms
      • Use the “post” action in your forms
      • Post data is accessible via the $_POST super global variable
      • Validate submitted data
      • Use htmlentities() when setting form data to prevent HTML injection and cross-site scripting (XSS)
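The form-handling points on this slide, as an added example (not code from the slides or from the starter-app repository): a "post" form whose fields are validated from $_POST and whose values are written back into the page only through htmlentities(). The field names and length limit are assumptions for the example.

```php
<?php
// Added example: post form + validation + htmlentities() on output.
declare(strict_types=1);

// Validate the submitted fields; returns [errors, cleanValues].
function validateRegistration(array $post): array
{
    $errors = [];
    $clean  = [];

    // trim() so whitespace-only input does not pass; cap length as the DB column would.
    $name = trim((string)($post['name'] ?? ''));
    if ($name === '' || mb_strlen($name) > 100) {
        $errors['name'] = 'Name is required and must be 100 characters or fewer.';
    } else {
        $clean['name'] = $name;
    }

    // filter_var() only accepts a syntactically valid address.
    $email = trim((string)($post['email'] ?? ''));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'A valid e-mail address is required.';
    } else {
        $clean['email'] = $email;
    }

    return [$errors, $clean];
}

// Every user-supplied value printed into HTML goes through this helper.
// ENT_QUOTES encodes both quote styles, so values are safe inside attributes too.
function e(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$errors = [];
$clean  = [];
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    [$errors, $clean] = validateRegistration($_POST);
    // $clean is what would be handed to the database layer on success.
}

// Re-populate the form with what the user typed, encoded, so a value containing
// <script> or a stray quote is shown as text instead of being interpreted as markup.
$name  = e((string)($_POST['name']  ?? ''));
$email = e((string)($_POST['email'] ?? ''));
?>
<form method="post" action="">
  <label>Name <input type="text" name="name" value="<?= $name ?>"></label>
  <?php if (isset($errors['name'])): ?><p><?= e($errors['name']) ?></p><?php endif; ?>
  <label>E-mail <input type="email" name="email" value="<?= $email ?>"></label>
  <?php if (isset($errors['email'])): ?><p><?= e($errors['email']) ?></p><?php endif; ?>
  <button type="submit">Register</button>
</form>
```

Validation decides what is accepted; encoding decides how it is displayed. Both are needed: a valid e-mail address can still contain characters that matter inside an HTML attribute.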
  • 5. Storing Data in a Database
      • Use PDO when possible
          • Plenty of tutorials and examples
          • Allows for prepared statements to prevent SQL injection
          • Saves memory with result cursors
          • Allows use of multiple back-ends
      • Use prepared statements to prevent SQL injection attacks
      • Use exception error mode for ease of error handling
  • 6. Displaying Data Stored in a Database
      • Use PDO – see last slide
      • Loop with fetch instead of fetch all to save on memory
      • If you are filtering data, use prepared statements and bind to prevent SQL injection attacks
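Slides 5 and 6 together, as an added example that is not the slides' or the starter-app repository's code: PDO in exception mode, an INSERT through a prepared statement, and a filtered SELECT read with fetch() in a loop. SQLite is used so it runs with no database server; the table name and columns are assumed for the example.

```php
<?php
// Added example: PDO with prepared statements, exception mode and a fetch() loop.
declare(strict_types=1);

function connect(string $dsn): PDO
{
    $pdo = new PDO($dsn);
    // Exception mode: a failed query throws PDOException instead of returning
    // false, so one try/catch in the caller covers every statement.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Ask for server-side prepared statements where the driver supports them.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $pdo->exec('CREATE TABLE IF NOT EXISTS entries (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        name TEXT NOT NULL,
        email TEXT NOT NULL,
        created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP)');
    return $pdo;
}

// Store: values travel as bound parameters and are never spliced into the SQL text.
function addEntry(PDO $pdo, string $name, string $email): int
{
    $stmt = $pdo->prepare('INSERT INTO entries (name, email) VALUES (:name, :email)');
    $stmt->execute([':name' => $name, ':email' => $email]);
    return (int)$pdo->lastInsertId();
}

// Display, optionally filtered by name. The filter is bound as well, and the
// user's own % and _ are escaped so they match literally inside the LIKE pattern.
function listEntries(PDO $pdo, ?string $nameFilter = null): Generator
{
    if ($nameFilter === null || $nameFilter === '') {
        $stmt = $pdo->query('SELECT id, name, email, created_at FROM entries ORDER BY id');
    } else {
        $sql = <<<'SQL'
SELECT id, name, email, created_at FROM entries
WHERE name LIKE :pattern ESCAPE '\'
ORDER BY id
SQL;
        $stmt = $pdo->prepare($sql);
        $pattern = '%' . addcslashes($nameFilter, '%_\\') . '%';
        $stmt->bindValue(':pattern', $pattern, PDO::PARAM_STR);
        $stmt->execute();
    }
    // fetch() keeps one row in memory at a time; fetchAll() would load every row.
    while (($row = $stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
        yield $row;
    }
}

// Usage: an apostrophe in the name is stored as-is because it is a bound value,
// not part of the SQL string.
$pdo = connect('sqlite:' . __DIR__ . '/guestbook.sqlite');
addEntry($pdo, "Maria O'Brien", 'maria@example.com');
foreach (listEntries($pdo, $_GET['q'] ?? null) as $row) {
    // Output is still encoded: the database is not a trusted source for HTML.
    echo htmlentities($row['name'], ENT_QUOTES, 'UTF-8'), ' <',
         htmlentities($row['email'], ENT_QUOTES, 'UTF-8'), ">\n";
}
```

Note that the same rule applies on the way out: data read from the database is encoded with htmlentities() before display, because it was user input when it went in.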
  • 7. Handle Errors Properly
      • Turn off error display to the user
      • Use try/catch exception handling to reduce complexity
      • Show the user a generic error message that can be tracked back to the error logs
      • Place as much data as possible in the error logs without risking exposing secret or private data
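The error-handling pattern from this slide, as an added example that is not the slides' own code: display_errors off, one try/catch around the database work, a random reference id that is shown to the user and written with the full exception detail to the log. The log path and the table name are assumptions for the example.

```php
<?php
// Added example: generic user message + detailed log entry linked by a reference id.
declare(strict_types=1);

// Never show raw errors to visitors; send them to the log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
// Log path is an assumption here; php.ini or the server config normally sets it.
ini_set('error_log', __DIR__ . '/app-error.log');

// Writes the full detail to the log under a short reference id and returns
// the id, which is the only thing the visitor gets to see.
function logAndReference(Throwable $e, array $context = []): string
{
    $ref = bin2hex(random_bytes(4));   // random_bytes() needs PHP 7+

    // Log what helps debugging (exception class, message, file:line, request
    // method and path, a small context array) but no passwords, session ids,
    // or raw form values.
    $detail = sprintf(
        '[ref %s] %s: %s in %s:%d | %s %s | %s',
        $ref,
        get_class($e),
        $e->getMessage(),
        $e->getFile(),
        $e->getLine(),
        $_SERVER['REQUEST_METHOD'] ?? 'CLI',
        $_SERVER['REQUEST_URI'] ?? '-',
        json_encode($context)
    );
    error_log($detail);
    return $ref;
}

try {
    $pdo = new PDO('sqlite:' . __DIR__ . '/guestbook.sqlite');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Misspelled table name: in exception mode this throws instead of returning false.
    $pdo->query('SELECT * FROM entriez');
} catch (PDOException $e) {
    // Context that is safe to log: which step failed, not the SQL values.
    $ref = logAndReference($e, ['step' => 'list-entries']);
    http_response_code(500);
    // The PDO message may contain table names or SQL fragments; it stays in the log.
    echo 'Something went wrong. Please try again later and quote reference ',
         htmlentities($ref, ENT_QUOTES, 'UTF-8'), '.';
}
```

Support can grep the log for the reference the user quotes, while the page itself reveals nothing about the schema or the query.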
  • 8. Prevent Injection Attacks
      • Use prepared statements with binding to prevent SQL injection
      • Validate input data to prevent malicious data being stored or shown to the user
      • Use htmlentities() to encode HTML and prevent HTML injection and cross-site scripting (XSS)
  • 9. Run a PHP Web App Without Installing a Separate Web Server
      • As of PHP 5.4, PHP has a built in web server
      • Provides a simple way for building, testing, and debugging a web application without installing a bunch of infrastructure.
      • The built in web server SHOULD NOT be used for a live application
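Starting the built-in server is one command (php -S host:port); the added example below, which is not from the slides or the starter-app repository, is a router script for it. It serves existing files under the document root as-is, hides dotfiles, and sends every other request to a front controller. The index.php file name and the directory layout are assumptions.

```php
<?php
// Added example: router.php for the PHP built-in development server.
// Start it from the directory holding index.php with:
//     php -S localhost:8080 router.php
declare(strict_types=1);

$path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH);
if (!is_string($path)) {
    $path = '/';
}

// Hide dotfiles such as .git or .env even in development.
if (preg_match('#/\.#', $path) === 1) {
    http_response_code(404);
    exit;
}

$root = realpath(__DIR__);
$file = realpath(__DIR__ . $path);

// An existing regular file inside the document root: return false so the
// built-in server sends it as-is (CSS, images; a .php file is executed).
// The realpath() prefix check keeps "../" sequences from leaving the root.
if ($root !== false && $file !== false && is_file($file)
    && strpos($file, $root . DIRECTORY_SEPARATOR) === 0) {
    return false;
}

// Everything else goes to the front controller (assumed to exist).
require __DIR__ . '/index.php';
```

As the slide says, this is a development convenience only; a live deployment still belongs behind a real web server.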
  • 10. Let's See an Example in Action. A sample application that provides a registration book of sorts is available to download/checkout on my Github account: https://github.com/aenglander/starter-app Download the zip or clone the repository to see a highly commented example on how to accomplish the items in these slides.