A PHP security book that every PHP programmer should read (PHP example)

Source: Internet
Author: User
Tags: sql injection

PHP has had a bad reputation over the years. There is a lot of discussion about its inconsistent design and syntactic quirks, but the main complaint is usually security. Many PHP sites are hacked within minutes, and even some experienced and knowledgeable programmers will say that the language itself is unsafe.

I always disagree with this, because the reason there are so many security breaches in PHP applications is a matter of common sense.

PHP applications are often hacked because:

There are too many PHP applications.
It is easy to learn and write.
Bad PHP is also easy to write.

It is that simple. PHP has been popular for many years, and the more popular it is, the more vulnerabilities get found. The vulnerabilities these attackers find are rarely in the PHP engine itself; they are usually weaknesses in the script.

This means that when a PHP application is hacked, it is usually the programmer who is at fault. I'm sorry, but that's the truth.

You can write secure PHP just as you can in any other web language. It's time to start taking security issues seriously.

Prevention is the best protection against PHP hacks

Writing secure PHP code is not a secret black art hidden from PHP developers. But the knowledge is so fragmented that you need to spend weeks or months (or longer) collecting good security practices from scattered lists and rules. Only real experience will show you how important it is.

Luckily Ben Edmunds has done it for you. He recently published "Building Secure PHP Apps – A Practical Guide", one of the best security-related books I have ever read and certainly the best one covering PHP. In this article I will explain why I think every PHP developer should read it.

This book is a concise guide that takes you to the next level as a developer, allowing you to build better, more secure scripts.

Brief introduction
The book quickly gets to the common-sense rule of web development: don't trust your users; filter all input. Starting from a small scenario, it jumps to the technical ways a user can get input into the system. The topics of the first chapter are:

SQL injection
Mass assignment
Type conversions
Filtering input/output

These are the areas that PHP beginners (and some veterans) easily overlook. Many see filtering input as an optional step, and this chapter discusses it extensively.

While reading, I was reminded of my first day at a job years ago, when I dug into the existing code and found this in the script that creates new users:


if ($_POST["isadmin"] == 1) {   // the admin flag is read straight from the submitted form
    // ... code that sets the user as admin in the database
}

When I saw this code I panicked, because it was a live script that a malicious user could easily abuse: guess the field name, insert a simple form variable, and gain access to approximately 5,000 credit card numbers and other personal information.

After digging deep, I found the following code:


$sql = "INSERT INTO database (Id, name, ...) VALUES (" . $_POST["Name"] . ");";   // user input concatenated straight into the SQL string

I almost walked out of that job on the first day, because they were relying on this horrible code. Code like this is out there; it is up to you to change it, and to make sure you do not create more of it.

This chapter discusses how code like this is a huge risk and how to fix it.
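As an added example (not code from the book or from the original post), here are the two defects from the story above, the client-controlled admin flag and input concatenated into SQL, next to a hardened version that validates input and uses PDO prepared statements; the users table, the $session array and the SQLite driver are assumptions for the demonstration.

```php
<?php
// Added example (not from the book or the original post): the two defects in the
// story above, a form field deciding admin status and user input concatenated into
// SQL, next to a hardened version. Table/column names, the PDO SQLite driver and
// the $session array are assumptions for the demonstration.

// Vulnerable: the client chooses its own privilege and the name is spliced into SQL.
function createUserVulnerable(PDO $pdo, array $post): void
{
    $isAdmin = (($post['isadmin'] ?? 0) == 1) ? 1 : 0;           // attacker-controlled
    $sql = "INSERT INTO users (name, is_admin) VALUES ('" . $post['name'] . "', $isAdmin)";
    $pdo->exec($sql);                                             // SQL injection via name
}

// Hardened: privilege comes from server-side state, input is validated, and values
// are bound as parameters so they can never alter the structure of the query.
function createUserHardened(PDO $pdo, array $post, array $session): int
{
    // 1. Never read the admin flag from the request. Only an authenticated admin
    //    (recorded server-side in the session) may create another admin.
    $isAdmin = (!empty($session['is_admin']) && !empty($post['make_admin'])) ? 1 : 0;

    // 2. Validate the shape of the input before it touches the database.
    $name = trim((string)($post['name'] ?? ''));
    if ($name === '' || strlen($name) > 64 || !preg_match('/^[\p{L}\p{N} .\'-]+$/u', $name)) {
        throw new InvalidArgumentException('invalid name');
    }

    // 3. Prepared statement: the SQL text is fixed, the data travels separately.
    $stmt = $pdo->prepare('INSERT INTO users (name, is_admin) VALUES (:name, :is_admin)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':is_admin', $isAdmin, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

// Constructed demonstration on an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, is_admin INTEGER NOT NULL DEFAULT 0)');

// A crafted request: the client claims isadmin=1 and sends a name containing a quote.
$post = ['isadmin' => '1', 'name' => "O'Brien"];
$id  = createUserHardened($pdo, $post, ['is_admin' => false]);   // anonymous visitor session

$stmt = $pdo->prepare('SELECT name, is_admin FROM users WHERE id = :id');
$stmt->execute([':id' => $id]);
print_r($stmt->fetch(PDO::FETCH_ASSOC));   // the quote is stored literally and is_admin stays 0
```

The vulnerable function is kept only for contrast; the demonstration exercises the hardened one, where the submitted isadmin field is ignored and the quote in the name cannot change the query.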

HTTPS and certificates

This is another area where Ben mixes scripts, stories and a little humour while clearly explaining the not-so-clear concept of HTTPS. The way he explains it, even your boss could understand it.

The book gives a very thorough description of how certificates work, the types of certificate and how they are implemented, and even how to deploy them on Apache or Nginx.

Passwords

The book carefully explains passwords, hashes, lookup tables and salts, which is incredibly helpful for developers building user login systems.

This is an area that is still desperately lacking, even in 2014. I still run into apps that store plaintext passwords or "protect" them with something as silly as ROT13 (Note 1). For the sake of the people using your application, and of your good name, please do not do this.

Passwords and other sensitive data should be very difficult to obtain even for someone with full access to the database. The book covers this completely and will guide you to designing a better system.

Authentication and access control

The book covers this topic very comprehensively. When you build a new PHP application, some of the first considerations are:

Who can access which resources?
Who can control other user access?

This is an important consideration for applications, especially those that handle sensitive data, and a considerable part of enterprise development is dedicated to it. If you do not set up authentication and access control correctly, the most likely outcome is that you confuse users and create more work for yourself. Worse than that is a data breach and/or data corruption.

The book covers the basics and then delves into things like controlling access to a single file or page of an application, with a number of code examples for reference.

Specific exploits

The book covers a few common exploits used to break into systems, exploring cross-site scripting in great detail, which is arguably the most common way an attacker exploits an application. It explains the different kinds of attack and how to protect yourself.

Nice, huh? You can buy the book at a discount through this link!

What I like best about this book

What I really enjoyed while reading this book is how the information is presented in a way that is useful to both beginners and experienced programmers. Each concept is introduced in turn: what it is and how to protect against it. There are a lot of code examples, unlike the "filler code" that some technical books have.

You can read through the book quickly, because it is not long. Beginners can read through it, check each topic, start looking at their own code and make corrections. Remember that this is something you need to keep revisiting. If you look back and are ashamed of the code you wrote six months ago, you are doing it right.

More advanced, experienced programmers can use this guide to fill in their weak spots (no matter how long you have been in the business, you have weaknesses, admit it) and to better understand the systems they use at work. For example, I have been working with authentication for many years, but I had never considered it at the level covered in this book.

No matter who you are, you will learn something. So stop reading this article and buy a copy! Use this link to purchase it at a discount!
