Basic web development in php

•Transferir como PPTX, PDF•

0 gostou•1,000 visualizações

A presentation with an accompanying example app to help beginners start build basic web applications. The example does not need a web or database server but can be used to display a web page and save data. Basic tenants for for protecting a PHP web application from HTML injection, cross-site scripting, and SQL injection are covered in the slides and the example. The accompanying example application is highly commented to help with understanding why certain actions are taken.

Software

Who Am I?
Adam Englander
adamenglander@yahoo.com
@adam_englander
http://adamknowsstuff.com
https://github.com/derptest
• DirectEdge Brands Director
of Software Development
• Coupla CTO
• Founder/Organizer of Las
Vegas PHP Users Group
• Co-Organizer of Las Vegas
Developers Users Group
• #VegasTech Enthusiast
http://www.slideshare.net/AdamEnglander/basic-web-development-in-php

Overview
In this presentation you will learn how to
build a web page that does the following:
 Interacts with the user via HTML forms
 Stores data in a database
 Displays data stored in a database
 Handles errors properly
 Prevents injection attacks
 Runs without installing a web server

Interacting with users via forms
 Use the “post” action in your forms
 Post data is accessible via the $_POST
super global variable
 Validate submitted data
 Use htmlentities() when setting form
data to prevent HTML injection and
Cross-site scripting (XSS)

Storing Data in a Database
 Use PDO when possible
 Plenty of tutorials and examples
 Allows for prepared statements to prevent
SQL injection
 Saves memory with result cursors
 Allows use of multiple back-ends
 Use prepared statements to prevent
SQL injection attacks
 Use exception error mode for ease of
error handling

Displaying Data Stored in a
Database
 Use PDO – see last slide
 Loop with fetch instead of fetch all to
save on memory
 If you are filtering data, use prepared
statements and bind to prevent SQL
injection attacks

Handle Errors Properly
 Turn off error display to the user
 Use try/catch exception handling to
reduce complexity
 Show the user a generic error message
that can be tracked back to the error
logs
 Place as much data as possible in the
error logs without risking exposing
secret or private data

Prevents Injection Attacks
 Use prepared statements with binding to
prevent SQL injection
 Validate input data to prevent malicious
data being stored or shown to the user
 Use htmlentities() to encode HTML and
prevent HTML injection and cross-site
scripting (XSS)

Run a PHP Web App Without
Installing a Separate Web
Server
 As of PHP 5.4, PHP has a built in web
server
 Provides a simple way for building,
testing, and debugging a web
application without installing a bunch of
infrastructure.
 The built in web server SHOULD NOT
be used for a live application

Lets See an Example in Action
A sample application that provides a
registration book of sorts is available to
download/checkout on my Github account:
https://github.com/aenglander/starter-app
Download the zip or clone the repository to
see a highly commented example on how
to accomplish the items in these slides.

Mais conteúdo relacionado

Mais de Adam Englander

This presentation attempts to prepare developers for the coming storm of biometric authentication. It is coming; for many, it is already here. Unfortunately, few of us have been prepared to select tools for utilizing biometric authentication properly. In this presentation, Adam Englander will express the special dangers of biometrics with regards to lifespan and storage. Due to the user's inability to change a biomteric, it is much more valuable to bad actors as the lifespan will undoubtedly exceed the lifespan of the cryptography. Any biometric database stolen today will likely be able to be cracked by the average computer in 20 years. This creates a unique problem many of us have not had to tackle before. We need a different mindset when thinking about biometrics. This presentation will try and give that much-needed perspective.

php[tek] 2018 - Biometrics, fantastic failure point of the future

Adam Englander

Biometrics: Sexy, Secure and... Stupid - RSAC 2018

Adam Englander

With the dominance of Mobile Apps, Single Page Apps for the Web, and Micro-Services, we are all building more APIs than ever before. Like many other developers, I had struggled with finding the right mix of security and simplicity for securing APIs. Some standards from the IETF have made it possible to accomplish both. Let me show you how to utilize existing libraries to lock down you API without writing a ton of code. In this tutorial, you will learn how to write a secure API with future proof security utilizing JOSE. JOSE is a collection of complimentary standards: JWT, JWE, JWS, JWA, and JWK. JOSE is used by OAuth, OpenID, and others to secure communications between APIs and consumers. Now you can use it to secure your API.

Practical API Security - PyCon 2018

Adam Englander

Practical API Security - Midwest PHP 2018

Adam Englander

Cryptography is a complex and confusing subject. In this talk you will learn about the core components of cryptography used in software development: securing data with encryption, ensuring data integrity with hashes and digital signatures, and protecting passwords with key derivation functions. While learning how to use these components, you will also learn the best practices that drive strong cryptography. This talk won’t make you a cryptography expert but it will give you the knowledge necessary to use cryptography properly. No prior knowledge of cryptography is required for this presentation.

Cryptography for Beginners - Midwest PHP 2018

Adam Englander

Cryptography is a complex and confusing subject. In this talk you will learn about the core components of cryptography used in software development: securing data with encryption, ensuring data integrity with hashes and digital signatures, and protecting passwords with key derivation functions. While learning how to use these components, you will also learn the best practices that drive strong cryptography . This talk won’t make you a cryptography expert but it will give you the knowledge necessary to use cryptography properly. No prior knowledge of cryptography is required for this presentation.

Cryptography for Beginners - Sunshine PHP 2018

Adam Englander

Biometrics is all the rage. It has been touted as the best of all possible authentication methods. Very soon, your customers and standards boards will require you to implement some sort of biometric factor for authentication. Before you head down that road, you need to know the pitfalls to avoid before becoming the next big breach in the news. Learn a few tricks to help safely secure biometrics to protect your users.

ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future

Adam Englander

Are you worried that your REST API may be the next victim of an attack by ruthless hackers? Don't fret. Utilizing the same standards implemented by OAuth 2.0 and OpenID Connect, you can secure your REST API. JSON Object Signing and Encryption (JOSE) is the core of a truly secure standards-based REST API. Let me show you how to ensure the data sent too and received from your API is as safe and secure as is reasonably possible.

Con Foo 2017 - Don't Loose Sleep - Secure Your REST

Adam Englander

Cryptography is a complex and confusing subject. In this session we'll distill PHP encryption down to its essential drivers. You'll learn what makes cryptography weak and strong. You'll learn the important questions to ask when making decisions regarding modules and libraries. This session won’t make you a cryptography expert but it will give you the knowledge necessary to protect your software from attack. No prior knowledge of cryptography is required for this session.

ZendCon 2017 - Cryptography for Beginners

Adam Englander

The Red Team, hackers, criminal organizations, and nation states, are a constant threat. The systems we build are the targets. We need to understand the human collateral that hangs in the balance. We embrace methodologies to write better code and make our lives better. They do nothing for the rest of humanity that is directly affected by security vulnerabilities we introduce. In this session we'll put a human face on the users of our software. It will challenge you to think in terms of flesh and blood rather than ones and zeros. We are all the Blue Team. We protect the rest of humanity. Join us in the fight. The Red Team is coming!

ZendCon 2017: The Red Team is Coming

Adam Englander

Asynchronous software development is rapidly moving from the niche to the mainstream. That mainstream now includes PHP. This workshop will give you hands on instruction in building an asynchronous application in PHP. We'll build a Twitter Bot utilizing the Amp concurrency framework for PHP and the Twitter Streaming API. During this time you'll learn the basics regarding the Amp event loop, generators and co-routines, and writing non-blocking code. Get ready for the future of PHP today.

ZendCon 2017 - Build a Bot Workshop - Async Primer

Adam Englander

BDD API Development with Symfony and Behat You may have built an API in Symfony before. You may have even written some browser tests in Beta. Did you ever consider using Behat to write integration tests for your API? If not, you definitely should. The portability and reusability of Behat steps make it the perfect platform for API integration tests. The Symfony kernel integration for Behat and absence of JavaScript in an API makes this match made in heaven. Pull up a cloud and let me show you the pure awesomeness that is BDD API Development with Symfony and Behat.

Symfony Live San Franciso 2017 - BDD API Development with Symfony and Behat

Adam Englander

The Red Team, hackers, criminal organizations, and nation states, are a constant threat. The systems we build are the targets. We need to understand the human collateral that hangs in the balance. We embrace methodologies to write better code and make our lives better. They do nothing for the rest of humanity that is directly affected by security vulnerabilities we introduce. In this presentation, I will put a human face on the users of our software. I will challenge you to think in terms of flesh and blood rather than ones and zeros. We are all the Blue Team. We protect the rest of humanity. Join me in the fight. The Red Team is coming!

Coder Cruise 2017 - The Red Team Is Coming

Adam Englander

Many developers struggle with how to properly secure REST APIs. If you are like me, you followed a process from a trusted provider like Amazon, Google, etc. What if I told you there was a better way? It’s JOSE, a collection of open standards from the IETF that has strong library support. It’s also the basis of OAuth 2.0 and OpenID Connect. Let me show you how to make a highly secure API for today and well into the future built on the framework of JOSE.

Don't Loose Sleep - Secure Your Rest - php[tek] 2017

Adam Englander

Asynchronous software development is rapidly moving from the niche to the mainstream. That mainstream now includes PHP. This workshop will give you hands-on instruction in building an asynchronous application in PHP. We will build a Twitter bot utilizing the Amp concurrency framework for PHP and the Twitter Streaming API. During this time you will learn the basics regarding the Amp event loop, generators and co-routines, and writing non-blocking code. Get ready for the future of PHP today.

Build a bot workshop async primer - php[tek]

Adam Englander

Python and Docker

Adam Englander

Concurrent Programming in Python

Adam Englander

Biometrics is all the rage. It has been touted as the best of all possible authentication methods. Very soon, your customers and standards boards will be requiring you implement some sort of biometric factor for authentication. Before you head down that road, you need to know the pitfalls to avoid before becoming the next big breach in the news. The very nature of biometrics requires special handling and forethought. Learn how biometric authentication is performed and how to safely secure biometrics to protect your users and future-proof your authentication.

Biometrics - Fantastic Failure Point of the Future

Adam Englander

IoT Lock Down - Battling the Bot Net Builders

Adam Englander

Are you worried that your REST API may be the next victim of an attack by ruthless hackers? Don't fret. Utilizing the same standards implemented by OAuth 2.0 and OpenID Connect, you can secure your REST API. Open and proven standards are the best ways to secure your REST APIs for now and well into the future. JSON Object Signing and Encryption (JOSE) is the core of a truly secure standards based REST API. In this talk, you will learn how to use the components of JOSE to secure your REST API for now and the future.

PHP UK 2017 - Don't Lose Sleep - Secure Your REST

Adam Englander

Mais de Adam Englander (20)

php[tek] 2018 - Biometrics, fantastic failure point of the future

Biometrics: Sexy, Secure and... Stupid - RSAC 2018

Practical API Security - PyCon 2018

Practical API Security - Midwest PHP 2018

Cryptography for Beginners - Midwest PHP 2018

Cryptography for Beginners - Sunshine PHP 2018

ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future

Con Foo 2017 - Don't Loose Sleep - Secure Your REST

ZendCon 2017 - Cryptography for Beginners

ZendCon 2017: The Red Team is Coming

ZendCon 2017 - Build a Bot Workshop - Async Primer

Symfony Live San Franciso 2017 - BDD API Development with Symfony and Behat

Coder Cruise 2017 - The Red Team Is Coming

Don't Loose Sleep - Secure Your Rest - php[tek] 2017

Build a bot workshop async primer - php[tek]

Python and Docker

Concurrent Programming in Python

Biometrics - Fantastic Failure Point of the Future

IoT Lock Down - Battling the Bot Net Builders

PHP UK 2017 - Don't Lose Sleep - Secure Your REST

Último

WSO2Con204 - Hard Rock Presentation - Keynote

WSO2

Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...

SelfMade bd

Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic near me by a powerful astrologer and spell caster in Atlanta. Bring back your lover with Asaf's voodoo-love witchcraft. Psychic Reading | Astrologer | Spell Caster | Obsession Spells | Black Magic | Witchcraft | Protection spell | wiccan spells. Black magic expert and voodoo love spells that work overnight to retrieve that love | lost love spell caster with powerful love psychic reading. Best astrologer & psychic in Sandy Springs, GA to renew your relationship & make your relationship stronger. love spells to bring back the feelings of love for ex-lovers. Increase the intimacy, affection & love between you and your lover using voodoo relationship obsession spells in USA. Money spells, easy love spells with just words, think of me spell, powerful love spell, spells of love, spells that work, love potion to attract a man, easy love spells with just words, pink candle prayer, white magic spells, call me spell, manifestation spell, gay love spells, Commitment spells, business spells and, how to bring back lost love in a relationship, Witchcraft love spells that work immediately to increase love & intimacy in your relationship. Attraction love spells to attract someone, stop a divorce, prevent a breakup & get your ex back. When using love binding spells, there are several things you should know, particularly how to protect yourself from negative energies and how to use the powers of incantations for the good of all people involved. When the focus is love, the results are truly magical. It’s important to remember love is not manipulative, it is not forceful, and it does not bend another to its will. Love is free-flowing, accepting, kind, and generous. For your love spell to work as intended, you must have good intentions in your heart. Below, we share the top five love spells you can use today to shift the energies in your life and create a future filled with love and fulfilment. Obsession spells to Get Your Ex-Lover Back. All women want one thing the most in life to be love and love in return – not much to ask. A lady wants a good man who loves you unconditionally and loyally. You want a man who is honest, hardworking, and loyal – not a complainer or a weakling or a self-centred man. You are a strong, independent, sensual, caring, loving woman. And you don’t think it’s asking too much to want to be with a loving, intelligent man with a good sense of humour and daring, an upright and confident man – who knows who he is. No one wants a chauvinistic and macho man, but you do want someone who will be willing to protect and care for you. Who loves you for you and not some kind of imaginary. You have no doubt that when the right guy appears on your doorstep, you’ll never let him go. But sometimes a man doesn’t realize he has that good woman.

Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...

chiefasafspells

VTU technical seminar 8Th Sem on Scikit-learn

AmarnathKambale

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in Tembisa ● Abortion Pills For Sale in Tembisa ● Tembisa 🏥🚑!! Abortion Clinic Near Me Cost, Price, Women's Clinic Near Me, Abortion Clinic Near, Abortion Doctors Near me, Abortion Services Near Me, Abortion Pills Over The Counter, Abortion Pill Doctors' Offices, Abortion Clinics, Abortion Places Near Me, Cheap Abortion Places Near Me, Medical Abortion & Surgical Abortion, approved cyctotec pills and womb cleaning pills too plus all the instructions needed This Discrete women’s Termination Clinic offers same day services that are safe and pain free, we use approved pills and we clean the womb so that no side effects are present. Our main goal is that of preventing unintended pregnancies and unwanted births every day to enable more women to have children by choice, not chance. We offer Terminations by Pill and The Morning After Pill.” Our Private VIP Abortion Service offers the ultimate in privacy, efficiency and discretion. we do safe and same day termination and we do also womb cleaning as well its done from 1 week up to 28 weeks. We do delivery of our services world wide SAFE ABORTION CLINICS/PILLS ON SALE WE DO DELIVERY OF PILLS ALSO Abortion clinic at very low costs, 100% Guaranteed and it’s safe, pain free and a same day service. It Is A 45 Minutes Procedure, we use tested abortion pills and we do womb cleaning as well. Alternatively the medical abortion pill and womb cleansing !!!

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...

Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg

%in kempton park+277-882-255-28 abortion pills for sale in kempton park

masabamasaba

WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...

WSO2

Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...

Bert Jan Schrijver

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal.

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...

masabamasaba

Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid

Philip Schwarz

MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...

Jittipong Loespradit

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

WSO2

%in Midrand+277-882-255-28 abortion pills for sale in midrand

masabamasaba

%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...

masabamasaba

Modeling languages are generally applied for developing systems and software – both internally, with domain-specific languages, and with standardized languages targeting a general purpose and a wide audience. Way too often these languages are weakly created and defined leading to poor quality: Language definitions tend to contain errors and inconsistencies; notations do not recognize the communication and problem-solving needs of humans; standardization organizations push exchange formats that do not fully work and offer certificates that do not measure mastery of the language. We describe common problems in language development and point them out with examples from known cases. To overcome these problems, we suggest several solutions to improve language development, including using modeling languages specifically designed to define modeling languages, continuous testing and prototyping, and keeping language users in the loop.

What Goes Wrong with Language Definitions and How to Improve the Situation

Juha-Pekka Tolvanen

%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein

masabamasaba

Announcing Codolex 2.0 from GDK Software

Jim McKeeth

WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...

WSO2

%in Benoni+277-882-255-28 abortion pills for sale in Benoni

masabamasaba

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

Shane Coughlan

Basic web development in php

1. Build better code

2. Who Am I? Adam Englander adamenglander@yahoo.com @adam_englander http://adamknowsstuff.com https://github.com/derptest • DirectEdge Brands Director of Software Development • Coupla CTO • Founder/Organizer of Las Vegas PHP Users Group • Co-Organizer of Las Vegas Developers Users Group • #VegasTech Enthusiast http://www.slideshare.net/AdamEnglander/basic-web-development-in-php

3. Overview In this presentation you will learn how to build a web page that does the following:  Interacts with the user via HTML forms  Stores data in a database  Displays data stored in a database  Handles errors properly  Prevents injection attacks  Runs without installing a web server

4. Interacting with users via forms  Use the “post” action in your forms  Post data is accessible via the $_POST super global variable  Validate submitted data  Use htmlentities() when setting form data to prevent HTML injection and Cross-site scripting (XSS)

5. Storing Data in a Database  Use PDO when possible  Plenty of tutorials and examples  Allows for prepared statements to prevent SQL injection  Saves memory with result cursors  Allows use of multiple back-ends  Use prepared statements to prevent SQL injection attacks  Use exception error mode for ease of error handling

6. Displaying Data Stored in a Database  Use PDO – see last slide  Loop with fetch instead of fetch all to save on memory  If you are filtering data, use prepared statements and bind to prevent SQL injection attacks

7. Handle Errors Properly  Turn off error display to the user  Use try/catch exception handling to reduce complexity  Show the user a generic error message that can be tracked back to the error logs  Place as much data as possible in the error logs without risking exposing secret or private data

8. Prevents Injection Attacks  Use prepared statements with binding to prevent SQL injection  Validate input data to prevent malicious data being stored or shown to the user  Use htmlentities() to encode HTML and prevent HTML injection and cross-site scripting (XSS)

9. Run a PHP Web App Without Installing a Separate Web Server  As of PHP 5.4, PHP has a built in web server  Provides a simple way for building, testing, and debugging a web application without installing a bunch of infrastructure.  The built in web server SHOULD NOT be used for a live application

10. Lets See an Example in Action A sample application that provides a registration book of sorts is available to download/checkout on my Github account: https://github.com/aenglander/starter-app Download the zip or clone the repository to see a highly commented example on how to accomplish the items in these slides.

Basic web development in php

Recomendados

Recomendados

Mais conteúdo relacionado

Mais de Adam Englander

Mais de Adam Englander (20)

Último

Último (20)

Basic web development in php