
May 10, 2010

Hackers specifically target PHP Web applications. Why? Because they know many of these apps are written by programmers with little or no experience or training in software security. Don’t be victimized. Securing PHP Web Applications will help you master the specific techniques, skills, and best practices you need to write rock-solid PHP code and harden the PHP software you’re already using.

Jul 21, 2009

Sridhar Rao "PHP and script.aculo.us Web 2.0 Application Interfaces (With Source Code)"
May 2009 | English | ISBN-13: 978-1-847194-04-6 | 364 Pages | PDF | 5.99 MB

Jun 28, 2009
First, a simple example of SQL injection prevention in PHP. Suppose we have the following user-login validation code:
<?php
// Deliberately vulnerable example: user input is interpolated straight into the SQL string.
$user = $_POST['username'];
$pass = $_POST['password'];
$sql = "SELECT * FROM users WHERE name = '$user' AND password = '$pass'";
$result = mysql_query($sql);
if ($row = mysql_fetch_assoc($result)) {
    // authenticated
}
?>
At this point a malicious user need only enter the following username and password:
$user = "Dantago !Noabes";
$pass = "x' OR 'a'='a";

Apr 13, 2009

ISBN: 159863481X,
Author: Guy W. Lecky-Thompson,
Publisher: Course Technology PTR,
Pages: 432,
Publication Date: 2008-04-10

Jul 22, 2008
Zhu Lin told me about a very good web development template system, clearsilver. I took a look and it really is good: a data-driven template engine that can keep presentation almost completely separate from logic. Well-known projects using it include Orkut, Google Groups and trac. The catch is that its main APIs currently target C/C++, Python, Perl and Java; for PHP there is only the experimental ClearSilver PHP Extension. So I searched the web for template engines aimed at PHP.
The following is translated from Top 25 PHP template engines
Smarty
Smarty compiles templates into PHP scripts and then executes them. Fast and flexible.
Heyes Template Class
An easy-to-use, powerful and fast template engine that separates page layout and design from code.
FastTemplate
A simple, flexible interpolating template class that parses the variables in a template, keeping HTML separate from variable values.