Home > Backend Development > PHP Tutorial > Recommend a book that all PHP programmers should read, a PHP program that should be read_PHP Tutorial

Recommend a book that all PHP programmers should read, a PHP program that should be read_PHP Tutorial

WBOY
Release: 2016-07-13 10:10:28
Original
968 people have browsed it

Recommend a book that all PHP programmers should read, a book that all PHP programmers should read

PHP has had a bad reputation in recent years. There's a lot of discussion about its "summary of bad design" and syntactic inconsistencies, but the main complaint is usually security. Many PHP sites are hacked in minutes, and even some experienced and knowledgeable programmers will say that the language itself is unsafe.

I’m always against this because there are so many PHP security violations for common sense reasons.

 PHP applications are often hacked due to :

There are too many PHP applications.
It's easy to learn and write.
Bad PHP is also easy to write.

It’s that simple. PHP has been popular for many years. The more popular PHP becomes, the more vulnerabilities are discovered. The vulnerabilities discovered by these hackers are rarely in the PHP processing engine itself, but are usually weaknesses in the script itself.

This means that when a PHP application is hacked, it is mostly the programmer's fault. Sorry, but it's true.

You can write secure PHP just like other web languages. It's time to start really exploring security issues.

 The best protection against PHP hacks

Writing secure PHP code is not a secret black art hidden from PHP developers. But confidence is so fragmented that you need to spend weeks or months (or not so long) gathering some loose catalog or rule of thumb on good security practices. Only true experience will tell you how important it is.

Fortunately, Ben Edmunds has done it for you. It recently published Building Secure PHP Apps – a Practical Guide, which is one of the best security-related books I’ve ever read, and certainly the best coverage of PHP. In this article I'll detail why I think every PHP developer should read it.

This book is a concise guide that will take you to the next level as a developer, allowing you to create better, more secure scripts.

Introduction
The book quickly gets into the common sense rules of web development: don’t trust your users and filter all input. Start with a small scenario and jump to the technical methods by which users can enter the system. The themes of Chapter 1 are:

SQL injection
A large number of assignment fields
Type conversion
Filter input/output
These are things that PHP novices (and some veterans) have always overlooked. Filtering input is considered an optional step by many and is discussed extensively in this chapter.

As I read, I was reminded of my first day at work many years ago, when I dug into the existing code and found the code for the new user creation script:

Copy code The code is as follows:

if ($_POST["isadmin"] == 1) {
// code to set to admin in database
}

I panicked when I saw this code because it is a very effective script that could easily be guessed by a malicious user and insert a simple form variable to access approximately 5,000 credit card numbers. and other personal information.

After digging deeper, I found the following code:

Copy code The code is as follows:

$sql = "INSERT INTO database (id,name,...) VALUES (" . $_POST["Name"] . ");"

I pretty much walked out of that job on day one because they were relying on this horrible code. The code is there, and it's your responsibility to change it to avoid creating more.

This chapter discusses why code like this is a huge risk and how to fix it.

HTTPS and certificates

This is another area where Ben includes scripts, stories, and a bit of humor, while also clearly explaining the less clear concept of HTTPS. He explains it in a way that even your boss can understand.

This book very comprehensively describes how certificates work, certificate types and implementation methods, even including how to deploy on Apache or Nginx.

Password

This book carefully explains passwords, hashes, lookup tables, and salts, which is incredibly helpful for developers creating user login systems.

This is an area that was sorely lacking even in 2014. I still come across apps that store passwords in plain text or use stupid methods like ROT13 encryption to protect them. For the sake of keeping people using your app, and your good name, don't do this.

Passwords and other sensitive data should be very difficult to obtain, or even gain full access to the database. This book is very comprehensive and will give you good guidance on designing better systems.

Authentication and access control
The topics covered in this book are very comprehensive. When you build a new PHP application, some of the top considerations are:

Who can access which resources?
Who can control other user access?

This is an important place to think about applications, especially applications that handle sensitive data. A considerable part of the development in the enterprise is dedicated to this. If you don't set up authentication and access control correctly, the most likely thing that will happen is that you confuse users and create more work. Even worse than this are server data gaps and/or data corruption.

This book does a good job of covering the basics, and then it dives into things like controlling access to files or individual pages of an application, with lots of code examples for reference.

Specific use

Covering some common exploits to compromise a system, this book explores in great detail cross-site scripting, arguably the most common way attackers exploit applications. It explains the different kinds of attacks and how to protect yourself.

Not bad, right? You can purchase books at a discount through this link!

What I like most about this book

What I really enjoyed while reading this book is how the information is presented in a way that is useful to both beginners and experienced programmers. There is a range of concepts presented, what they are and how to protect yourself. There are plenty of code examples, not the "padding" that some technical books have.

You can read through this book quickly because there is not much content. Novices can read through this book, examine each topic, start looking at their code, and make corrections. Remember that in this matter, you need to keep revising. If you look back and you're ashamed of the code you wrote six months ago, you're doing the right thing.

More advanced, experienced programmers can use this guide to fill in their weaknesses (admit it, no matter how long you’ve been in this industry, you have weaknesses) and better understand the tools they use in their work. system. For example, I've used authentication like crazy for years, but never thought about it at the level that this book covers.

No matter who you are, you will learn something. So stop reading this article and go buy a copy! Use this link to purchase and get a discount! !

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/935480.htmlTechArticleRecommend a book that all PHP programmers should read. A PHP program should be read. PHP has had a bad reputation in recent years. . There's a lot of discussion about it being "a collection of bad designs" and grammatical inconsistencies, but...
Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template