Archive for the "PHP" Category

Sanitisation and Validation in PHP

January 23rd, 2010 Fitra Aditya
{ 1 Comment }

What Do Sanitisation and Validation Mean? Sanitisation and Validation are important terms to understand when writing PHP applications. Both in the context of this tutorial are about processes performed on user input. Sanitisation is cleaning user input to make it safe to process, and Validation is checking the data to see if it is: in the correct format; of the correct type etc. It is important to sanitise and validate data coming in from users of your PHP applications, because if it is left unchecked, the input may be used to facilitate an exploit. Some of the most common exploits involving user input are: code injection, sql injection and header injection. And we will have a look at some of these during the tutorial.

Validation is a vital topic when handling user input. It helps to improve security, improve usability and reduce the amount of bugs in your program. To validate something, we first work out a criteria which our user input has to conform to. For example, we might want the user input to be a number between 10 and 99, we then test the user input against these rules, and if the input fails the check(s) we will not use the data and inform the user that they have input something incorrect. Ok, but what does that mean in terms of code? Well here’s an example of the code you might use to test a number to see if it is between 10 and 99. Read more…

English Version, PHP, Tutorial, Web Development , , , ,

Using References in PHP

January 22nd, 2010 Fitra Aditya
{ 2 Comments }

What are references? References are a tool in PHP that we can use to access the content of a variable through several identifiers (“names”). When a reference is modified, the content it points to will be changed directly, this means that when editing a reference or the original variable we change it for everything referencing that content simultaneously. To put it into context, say you had set up a company, and you applied for a P.O. Box for your office. You would then have two addresses, which point to the same place. References are like the P.O. box, they are “addresses” through which we can modify the content of a variable. In terms of code we could have a variable called $var and then make a reference to it called $vartwo, when $var is edited, $vartwo also changes and vica versa. References are created using “reference binding” this is very similar to assignment, but uses =& (equals ampersand) to tell the PHP parser that we are creating a reference and not a new variable. Below is an example of creating and using references to manipulate variables: Read more…

English Version, PHP, Tutorial, Web Development , , ,