Copyright 2009 Justin C. Klein Keane
PHP Code Auditing
Session 1 – PHP Foundations
Justin C. Klein Keane
jukeane@sas.upenn.edu
Overview
Purpose of these sessions
Gauge PHP competency
Assignments
Length of the course
What is PHP?
Dynamic scripting language
Written in C
Served by a web server (Apache)
CLI
Current version is PHP 5
http://php.net
Commercial Support
Zend (http://www.zend.com)
Produces Zend Studio IDE
Also produces debuggers, enterprise servers, etc.
Founded by some of the chief PHP developers
Developing PHP
Access to a web server that supports PHP
Eclipse using PHP Development Tools (PDT)
Bundle from http://www.eclipse.org/pdt
Nice to have Remote System Explorer (RSE) installed as well
http://www.eclipse.org/dsdp/tm/
Best source of documentation is http://php.net
PHP Basics
PHP is plain text
When a URL is requested Apache parses the text file and interprets any PHP
Apache must be able to read the file
Apache interprets the file every time
.php is the common extension but any is possible
Structure of PHP
PHP is delimited with:
<?php
?>
Any material between the delimiters is interpreted
Text outside of the delimiters is treated as static
Simple 'Hello world'
<?php
echo "Hello world";
?>
Web friendly 'Hello world'
<html>
<body>
<?php
echo "Hello world";
?>
</body>
</html>
Apache renders as:
<html>
<body>
Hello world
</body>
</html>
PHP Syntax - Comments
// One line comment
/*Multiline comment
*/
# Acceptable but discouraged one line comment
PHP Syntax Basics - Variables
Variables are denoted with the $ sign
Variable names must be alphanumeric or underscore
PHP variables are case sensitive
PHP Variables
Variables are not statically typed
Integers can become floats can become strings
Variable types include:
Boolean
Integer
Float
String
Array
Object
Resource
NULL
Operators
Arithmetic operators +, -, *, /, %
String operators .
Assignment operators =, .=, +=, -=, *=, /=
Operators (cont.)
Comparison operators ==, ===, !=, <>, !==, <, >, <=, >=
Increment, decrement operators ++, -- (pre and post)
Logical operators !, &&, ||, and, or, xor
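Added example (not part of the original slides): because variables are not statically typed, == converts its operands to a common type before comparing, while === also requires the types to match. The sample pairs and the token_matches_* functions are constructed for illustration; the results hold on PHP 5 through PHP 8.

```php
<?php
// Added example, not from the original slides. All names are illustrative.

// Each pair is equal under == but not under ===, because == converts
// the operands to a common type before comparing them.
function compare_pairs() {
    $pairs = array(
        array('0e1234', '0e5678'), // numeric strings: both evaluate to 0
        array('10', '1e1'),        // numeric strings: 10 and 10.0
        array('1', '01'),          // numeric strings: 1 and 1
        array(100, '100'),         // integer vs numeric string
        array(null, false),        // both convert to boolean false
    );
    $rows = array();
    foreach ($pairs as $p) {
        $rows[] = array(
            'left'   => var_export($p[0], true),
            'right'  => var_export($p[1], true),
            'loose'  => ($p[0] == $p[1]),
            'strict' => ($p[0] === $p[1]),
        );
    }
    return $rows;
}

// Pattern to flag in an audit: a stored value compared to input with ==.
function token_matches_loose($expected, $supplied) {
    return $expected == $supplied;
}

// Hardened form: the input must be a string and must be identical.
function token_matches_strict($expected, $supplied) {
    return is_string($supplied) && $expected === $supplied;
}

foreach (compare_pairs() as $r) {
    printf("%-10s %-10s ==: %-5s ===: %s\n", $r['left'], $r['right'],
        var_export($r['loose'], true), var_export($r['strict'], true));
}

$stored = '0e1234';  // constructed sample value
$input  = '0e5678';  // constructed sample value, a different string
var_dump(token_matches_loose($stored, $input));
var_dump(token_matches_strict($stored, $input));
var_dump(in_array('1e1', array('10')));        // in_array() is loose by default
var_dump(in_array('1e1', array('10'), true));  // third argument makes it strict
```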
Strings
Strings are delimited by quotes
Different behavior depending on single or double quote
Example strings:
$a = 'foo';
$b = "$a bar";
$c = $a . $b;
Arrays
$array = array();
$array = array('one', 'two', 'three');
$array[0] = 'new one';
$assoc_array = array('one'=>'uno', 'two'=>'dos');
$assoc_array['one'] = 'uno nuevo';
Control Structures
If
Else
Elseif and else if
If Else Statement
if ($a < $b) {
    print "$a is less than $b";
}
else {
    print "$b is less than $a";
}
Can you spot the logic flaw above?
If Else Statement (alt)
if ($a < $b)
    echo "$a is less than $b";
else if ($a == $b)
    echo "$a is equal to $b";
else
    echo "$b is less than $a";
Ternary Statement
$result = ($a < $b) ? 'a is less' : 'a is not less';
While loops
$a = 1;
while ($a < 10) {
    echo $a . "<br/>";
    $a++;
}
Do While Loops
$a = 0;
do {
    echo $a;
    $a++;
} while ($a < 10);
For loop
for ($a=0; $a<10; $a++) {
    echo $a . "<br/>";
}
Break Control
for ($a=0; $a<10; $a++) {
    if ($a == 5) break;
    echo $a;
}
Continue (skip)
for ($a=0; $a<10; $a++) {
    if ($a==5) continue;
    print $a;
}
Switch
switch ($a) {
    case 0:
        echo 'a is zero';
        break;
    case 1:
        echo 'a is one';
        break;
    default:
        echo 'a is something else';
}
Functions
function foo() {
    return "bar";
}
echo foo();
Functions (cont.)
function foo($a='bar') {
    $a .= " something";
    return $a;
}
$retval = foo('foo');
Classes
class Foo {
    public $name;
    function __construct($name) {
        $this->name = $name;
    }
}
$myvar = new Foo('foobar');
echo $myvar->name;
Classes (cont.)
class Foo {
    public $var = 'bar';
    function getVar() {
        // Local variable; the property is reached as $this->var
        $var = 'inner_var';
        return $var;
    }
}
$a = new Foo();
$b = $a->getVar();
Building PHP with Includes
<?php
include('inc/foo.php');
require('inc/bar.php');
$a = new Foo();
echo $a->somevar;
?>
Some Useful Built-in Functions for Debugging
die("message");
echo "<!-- here -->";
print_r($variable);
phpinfo();
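Added example (not part of the original slides): each of the calls above writes into the page the visitor receives, and phpinfo() prints the server's configuration, so an audit should check that none of them can run on a live site. APP_DEBUG, debug_dump() and debug_phpinfo() are hypothetical names chosen for this sketch.

```php
<?php
// Added example, not from the original slides. APP_DEBUG, debug_dump()
// and debug_phpinfo() are hypothetical names chosen for this illustration.

// Set to true only on a development machine.
define('APP_DEBUG', false);

// Record a labelled dump of $value. print_r() with a second argument of
// true returns the text instead of printing it, so nothing reaches the
// page unless APP_DEBUG is set.
function debug_dump($label, $value) {
    $text = $label . ': ' . print_r($value, true);
    error_log($text); // goes to the server's error log, not to the page
    if (APP_DEBUG) {
        // Escape before echoing so dumped data cannot inject markup.
        echo '<pre>' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</pre>';
        return true;
    }
    return false;
}

// phpinfo() behind the same switch, limited to two sections of its output.
function debug_phpinfo() {
    if (!APP_DEBUG) {
        return false;
    }
    phpinfo(INFO_GENERAL | INFO_CONFIGURATION);
    return true;
}

// Constructed sample data.
$variable = array('user' => 'alice', 'note' => '<b>constructed sample</b>');
debug_dump('variable', $variable);
debug_phpinfo();
```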
For Next Time
1) Install Eclipse PDT
2) Install the RSE extensions
3) Download the VMware image for development
4) Connect to the VMware image web root at: /var/www/html
5) Create a new default page with your name and the PHP configuration information