Build better code
Who Am I?
Adam Englander
adamenglander@yahoo.com
@adam_englander
http://adamknowsstuff.com
https://github.com/derptest
Basic web development in php
A presentation with an accompanying example app to help beginners start building basic web applications. The example does not need a web or database server but can be used to display a web page and save data. Basic tenets for protecting a PHP web application from HTML injection, cross-site scripting, and SQL injection are covered in the slides and the example. The accompanying example application is highly commented to help with understanding why certain actions are taken.

Published in: Software
1. Build better code

2. Who Am I?
   Adam Englander
   adamenglander@yahoo.com
   @adam_englander
   http://adamknowsstuff.com
   https://github.com/derptest
   • DirectEdge Brands Director of Software Development
   • Coupla CTO
   • Founder/Organizer of Las Vegas PHP Users Group
   • Co-Organizer of Las Vegas Developers Users Group
   • #VegasTech Enthusiast
   http://www.slideshare.net/AdamEnglander/basic-web-development-in-php

3. Overview
   In this presentation you will learn how to build a web page that does the following:
   • Interacts with the user via HTML forms
   • Stores data in a database
   • Displays data stored in a database
   • Handles errors properly
   • Prevents injection attacks
   • Runs without installing a web server

4. Interacting with users via forms
   • Use the "post" action in your forms
   • Post data is accessible via the $_POST super global variable
   • Validate submitted data
   • Use htmlentities() when setting form data to prevent HTML injection and cross-site scripting (XSS)

5. Storing Data in a Database
   • Use PDO when possible
     – Plenty of tutorials and examples
     – Allows for prepared statements to prevent SQL injection
     – Saves memory with result cursors
     – Allows use of multiple back-ends
   • Use prepared statements to prevent SQL injection attacks
   • Use exception error mode for ease of error handling

6. Displaying Data Stored in a Database
   • Use PDO (see the previous slide)
   • Loop with fetch instead of fetchAll to save on memory
   • If you are filtering data, use prepared statements and bind values to prevent SQL injection attacks

7. Handle Errors Properly
   • Turn off error display to the user
   • Use try/catch exception handling to reduce complexity
   • Show the user a generic error message that can be traced back to the error logs
   • Place as much data as possible in the error logs without risking exposure of secret or private data

8. Prevent Injection Attacks
   • Use prepared statements with binding to prevent SQL injection
   • Validate input data to prevent malicious data from being stored or shown to the user
   • Use htmlentities() to encode HTML and prevent HTML injection and cross-site scripting (XSS)

9. Run a PHP Web App Without Installing a Separate Web Server
   • As of PHP 5.4, PHP has a built-in web server
   • Provides a simple way to build, test, and debug a web application without installing a lot of infrastructure
   • The built-in web server SHOULD NOT be used for a live application

10. Let's See an Example in Action
    A sample application that provides a registration book of sorts is available to download/check out on my GitHub account: https://github.com/aenglander/starter-app
    Download the zip or clone the repository to see a highly commented example of how to accomplish the items in these slides.
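The following is an added example (not the starter-app code from the deck) showing slides 4 through 9 applied in one small guestbook page: $_POST input validated, PDO in exception mode with bound parameters, a fetch() loop with htmlentities() on output, and a generic user-facing error backed by a detailed log entry. It assumes PHP 7+ with the PDO SQLite driver; the table and column names are made up for this example.

```php
<?php
// Added example, not the starter-app code: a minimal guestbook page that applies
// the slides' advice. Assumes PHP 7+ with the PDO SQLite driver; table and column
// names are made up for this example.
ini_set('display_errors', '0'); // never show raw errors to the user
ini_set('log_errors', '1');     // ...but keep full detail in the error log

function openDb(): PDO {
    $db = new PDO('sqlite:' . __DIR__ . '/guests.sqlite'); // no DB server needed
    // Exception mode: every PDO failure throws, so one try/catch covers them all.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS guests (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    return $db;
}

function addGuest(PDO $db, string $name): void {
    $name = trim($name);
    if ($name === '' || strlen($name) > 100) { // validate before storing
        throw new InvalidArgumentException('name must be 1-100 characters');
    }
    // Prepared statement with a bound value: the input never becomes SQL text.
    $stmt = $db->prepare('INSERT INTO guests (name) VALUES (:name)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
}

function renderGuests(PDO $db): string {
    $html = '<ul>';
    $stmt = $db->query('SELECT name FROM guests ORDER BY id');
    // fetch() in a loop streams one row at a time instead of fetchAll().
    while (($row = $stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
        // Encode on output so stored text cannot inject markup or script (XSS).
        $html .= '<li>' . htmlentities($row['name'], ENT_QUOTES, 'UTF-8') . '</li>';
    }
    return $html . '</ul>';
}

try {
    $db = openDb();
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        addGuest($db, (string)($_POST['name'] ?? ''));
    }
    echo '<form method="post"><input name="name"><button>Sign</button></form>';
    echo renderGuests($db);
} catch (Throwable $e) {
    // Log the detail with a reference id; show the user only the generic message.
    $ref = bin2hex(random_bytes(4));
    error_log("[$ref] " . get_class($e) . ': ' . $e->getMessage());
    http_response_code(500);
    echo 'Something went wrong. Reference: ' . $ref;
}
```

Save it as index.php and serve it with the built-in server from slide 9 (`php -S localhost:8000` in that directory); the reference id printed on failure is the key to find the full entry in the PHP error log.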