composer.json
file is an object that uses many keys to specify the configuration
require
{
"require":{
"ezyang/htmlpurifier" : ">0.0"
}
}
vendor
directory in whatever directory it was run from
composer.json
// Composer writes its class loader to vendor/ beside this file; loading it once is all
// that is needed to make every installed package's classes resolvable.
$composerAutoloader = __DIR__ . '/vendor/autoload.php';
require_once $composerAutoloader;
repository
key in composer.json
composer.json
with some additional keys
require_once __DIR__ . '/vendor/autoload.php';
// Build one generator and print three fabricated values from it. Faker resolves
// `name`, `address` and `text` dynamically, so a property-name loop reads the same
// three properties in the same order as three separate echo statements would.
$faker = Faker\Factory::create();
foreach (['name', 'address', 'text'] as $fakeProperty) {
    echo $faker->$fakeProperty;
}
// CodeIgniter controller context: load the database library, then read every row of
// `table_name` through the query builder (the table name is a literal here, not input)
// and print each row's title column.
$this->load->database();
$rows = $this->db->get('table_name')->result();
foreach ($rows as $record) {
    echo $record->title;
}
var_dump
is a very similar command to print_r
, but contains more information good for debugging
$obj = json_decode('{"a":1,"b":2,"c":3,"d":4,"e":5}');
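// print_r with $return = true hands the rendering back as a string instead of printing it;
// echoing that string is equivalent to print_r($obj) but makes the output step explicit.
echo print_r($obj, true);
// var_dump prints types and lengths alongside values, which is why it is the better
// debugging aid. The original line lacked its terminating semicolon, a parse error.
var_dump($obj);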
ini_set
`
ini_set("display_errors", 1); // render errors into the response; for deployed code leave this off and rely on logging
error_reporting
function
error_reporting(E_ALL); // report every error level, notices and deprecations included
Available to view at https://www.csee.umbc.edu/~bwilk1/433/php_examples/errors_on.php
<?php
// Demo page: switch on full reporting and on-screen display so the notices produced
// further down are visible in the browser.
error_reporting(E_ALL);
ini_set("display_errors", 1);
$aliens_title_by_release_year[1979] = "Alien"; # good
$aliens_title_by_release_year[1986] = "Aliens"; # good
$aliens_title_by_release_year[1992] = "Alien 3"; # eh...
$aliens_title_by_release_year[1997] = "Alien: Resurrection"; # avoid
?>
<h1>Warnings & Errors On</h1>
<ul>
<?
// The bare "<?" short open tag only works when short_open_tag is enabled; "<?php" is portable.
// The array name inside the print is misspelled ("relaese"), so every iteration reads an
// undefined variable and emits a warning — the behaviour this page exists to demonstrate.
// The interpolated values are integer keys from this script, not request input, so no
// HTML escaping is needed here; values from outside would need htmlspecialchars().
foreach(array_keys($aliens_title_by_release_year) as $key) {
print "<li>$key: $aliens_title_by_relaese_year[$key]</li>";
}
?>
</ul>
password_hash
and password_verify
// password_hash generates a fresh random salt on every call, so hashing the same
// password twice yields two different strings — which is exactly what the first two
// outputs show.
$my_password = 'password1234';
$firstHash = password_hash($my_password, PASSWORD_DEFAULT);
$secondHash = password_hash($my_password, PASSWORD_DEFAULT);
echo $firstHash, $secondHash;
// Because of the salt, hashes cannot be compared with ===; password_verify re-derives
// the hash from the candidate and compares in constant time. A true result echoes "1",
// a false result echoes nothing.
$hash1 = password_hash($my_password, PASSWORD_DEFAULT);
foreach ([$my_password, 'password'] as $candidate) {
    echo password_verify($candidate, $hash1);
}
// FILTER_VALIDATE_EMAIL returns the address unchanged when it is well-formed and false
// otherwise. The results are not printed here, exactly as in the original.
$my_email = "bryan.wilkinson@umbc.edu";
$my_bad_email = "<script>doEvil();</script>@umbc.edu";
foreach ([$my_email, $my_bad_email] as $candidateAddress) {
    filter_var($candidateAddress, FILTER_VALIDATE_EMAIL);
}
// FILTER_SANITIZE_EMAIL is not a validator: it strips every character outside the set
// permitted in an address (letters, digits and !#$%&'*+-=?^_`{|}~@.[]). Stripping the
// angle brackets and punctuation from the hostile value leaves a plausible-looking
// address rather than a rejection, so validate-and-reject is the safer choice at input
// boundaries.
$my_email = "bryan.wilkinson@umbc.edu";
$my_bad_email = "&34;script>doEvil();</script>@umbc.edu";
foreach ([$my_email, $my_bad_email] as $candidateAddress) {
    echo filter_var($candidateAddress, FILTER_SANITIZE_EMAIL);
}
// verify_peer makes the https:// wrapper check the server's certificate chain against
// the trusted CA store (it has been the default since PHP 5.6; stating it documents the
// intent, and verify_peer_name stays on as well). Both fetches use the same options.
$tlsOptions = ['ssl' => ['verify_peer' => TRUE]];
$context = stream_context_create($tlsOptions);
$body = file_get_contents('https://api.example.com/search?q=sphinx', false, $context);
// file_get_contents returns false (with a warning) when the request or the certificate
// check fails; callers that use $body should compare it with === false first.
$context = stream_context_create($tlsOptions);
$body = file_get_contents('https://www.umbc.edu', false, $context);
Example from https://php.earth/docs/security/sql-injection
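// Parameterised lookup: $id never becomes part of the SQL text; the driver sends it
// separately, so its value cannot change the statement. $id is expected to be set by the
// surrounding code before this runs.
$query = "SELECT username, email FROM users WHERE id = ?";
$stmt = $mysqli->stmt_init();
// The original silently did nothing when prepare() returned false; raising the failure
// makes a broken query or lost connection visible instead of producing zero rows.
if (!$stmt->prepare($query)) {
    throw new RuntimeException('Failed to prepare statement: ' . $stmt->error);
}
// "i" binds $id as an integer, so anything non-numeric is coerced rather than interpreted.
$stmt->bind_param("i", $id);
if (!$stmt->execute()) {
    throw new RuntimeException('Failed to execute statement: ' . $stmt->error);
}
$result = $stmt->get_result();
while ($row = $result->fetch_array(MYSQLI_NUM)) {
    // Plain-text output; if these values were rendered into HTML they would need
    // htmlspecialchars() per value.
    printf("%s (%s)\n", $row[0], $row[1]);
}
$stmt->close();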
eval
is used
include
or require
/
or ../
and get somewhere they shouldn't
$untrustedHtml = "<script><iframe src=''></script><b>Hello</b>";
// HTML.Allowed is an allow-list: only the named elements and attributes survive, so the
// <script> and <iframe> in $untrustedHtml are dropped while <b> is kept. Prefer this
// over trying to enumerate bad tags.
$allowedMarkup = 'p,b,a[href],i'; // basic formatting and links
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Allowed', $allowedMarkup);
$sanitiser = new HTMLPurifier($config);
$output = $sanitiser->purify($untrustedHtml);