PHP Questions
There was a post on one of the Xiwethey forums about a PHP security hole. Does anybody remember where it was or what the topic was called?

Also, it appears that PHP stores "session variables" directly into cookies. ASP only stores a sessionID as a client-side cookie, but the session variables and values themselves are kept on the server (under a given sessionID). Is there an option in PHP to do such? If so, is it used often in practice, or is the var-in-cookie approach used the most?

I purchased a PHP book, but it is not very good. That's what I get for shopping around closing time.
________________
oop.ismad.com
The security hole was on file uploads
There was a script you could use to patch it. Basically, PHP was putting system-generated variables in user space where they could be overwritten by user-supplied values in a form. That's been fixed in later versions, so if you're using the latest you shouldn't have a problem.

As for the session stuff, get thee to [link|http://www.php.net/manual/en/ref.session.php|the source]. Actually, the online documentation is fairly thorough. There are occasional oddities, but the user-contributed notes on each page usually cover that. I wouldn't bother with a book on it at first. You should be able to get most of what you need to get started from the [link|http://www.php.net/manual/en/|online manual].
We have to fight the terrorists as if there were no rules and preserve our open society as if there were no terrorists. -- [link|http://www.nytimes.com/2001/04/05/opinion/BIO-FRIEDMAN.html|Thomas Friedman]
Books easier on the eyes than screens
But, Thanks for the info.

Well written books are also better than most OSS docs IMO. The hard part is finding a good book. It is kind of like 70 percent are worse than the online docs, 25 percent are about the same, and 5 percent are better.

It might be a matter of finding an author who thinks like you (but the guards rarely untie those kinds of authors :-)

________________
oop.ismad.com
90% of everything is crap
but that other 10% can be jewelry.
Who knows how empty the sky is
In the place of a fallen tower.
Who knows how quiet it is in the home
Where a son has not returned.

-- Anna Akhmatova (1889-1966)
PHP "session" variables are lacking
You have to keep "re-registering" them on every page in order to keep them according to PHP 4 Bible.

However, I set up some routines to automatically re-register a single associative array that holds scalar "session variables". That way it feels more like the ASP approach, which the book admits does sessions better than PHP.

And, the dollar signs, semicolons, case-sensitivity, and braces are still annoying. But it is almost worth the feeling of getting out from under Gates.
________________
oop.ismad.com
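The two points raised above (the upload hole where a form field could overwrite a server-generated variable, and the question of whether PHP keeps session data on the server) in one added example. This is not code from the thread or from the PHP manual; it assumes a modern PHP (7 or later) with a form that posts a file input named "userfile", and an upload directory of /var/www/uploads.

```php
<?php
// Added example: hardened upload handler plus server-side session state.
// The session cookie carries only the session ID; the values themselves
// are stored on the server, which is the ASP-style behaviour asked about.
session_start();

$uploadDir = '/var/www/uploads';   // assumed path, not from the thread

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['userfile'])) {
    $f = $_FILES['userfile'];

    // Accept only files that came through PHP's own upload mechanism.
    // is_uploaded_file() is the check that closed the hole described in the
    // thread: with register_globals (the "system-generated variables in user
    // space" of PHP 4.0), a form field could supply its own path in place of
    // the server-generated temp-file name. Reading $_FILES instead of globals
    // removes that overlap entirely.
    if ($f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
        http_response_code(400);
        exit('upload rejected');
    }

    // Never reuse the client-supplied file name; generate our own.
    $safeName = bin2hex(random_bytes(8)) . '.bin';
    $dest = $uploadDir . '/' . $safeName;

    // move_uploaded_file() repeats the is_uploaded_file() check internally.
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        http_response_code(500);
        exit('could not store upload');
    }

    // $_SESSION persists across pages on its own; no per-page
    // session_register() calls as the PHP 4 Bible describes.
    $_SESSION['uploads'][] = $safeName;
}

echo 'Files uploaded this session: ' . count($_SESSION['uploads'] ?? array());
```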
Ghost book?
It seems O'Reilly once had a book called "PHP Programming" that is not listed anymore except under "used" in some sites. Did it suck so bad that they pulled it? (They still have a PHP reference.)

Why would they yank it? There must be an interesting story behind it.
________________
oop.ismad.com