PHP: Unterschied zwischen den Versionen

Secure "included php files"

index.php
<?php
     if((!defined('z'))){ define('z','0');  }
     include('file.php')
?>

file.php
<?php
     if((!defined("z"))){exit;}
?>

HackBugZ | PHP-SECURE-INCLUDE-FILE

f611e2d0c2b292bce687e6c090956d63e396124abc17c2a2fa662c7ff6118ef2b43388c9d007cd2fadcad7d7952e6f855826028d58e5b1edd7264b2797996381

Secure php dynamic code build.

$_GET[] | Query Navigation

Example 1

<?php
   $PAGES          = array();
   $PAGES = [
      'home'       => 'home.html'
     ,'about'      => 'about.php'
     ,'contact'    => 'somedir/contact.php'
   ];
   @include(substr($PAGES[$_GET['p']] ?? ('home'), 0, 255));
   exit;
?>

Example 2

<?php
   $PAGES          = array();  
   $PAGES = [
      'home'       => 'home.html'
     ,'about'      => 'about.php'
     ,'contact'    => 'somedir/contact.php'
   ];
   @include($PAGES[$_GET['p']] ?? ('home'));
   exit;
?>

CHANGE MAX UPLOAD FILESIZE

You can try it with .user.ini or .htaccess or ini_set(in your php script)
For me .user.ini works perfectly

1. Create a new file(0644 on Linux) .user.ini on your webspace/working dir with
max_execution_time = 10000
upload_max_filesize = 5000M
post_max_size = 5000M

This is my config file .user.ini on my webspace and it works.
You can change the values to your needs.

2. Create a new file(0644 on Linux) .htaccess on your webspace/working dir with
php_value upload_max_filesize 1000M
php_value post_max_size 1000M
! Don't forget the first dot/point at the beginning of the file.

3. Put this on the beginning of your php script
ini_set('upload_max_filesize', '1000M');
ini_set('max_execution_time', '1000');
ini_set('memory_limit', '128M');
ini_set('post_max_size', '1000M');

If this won't work(and you can't modify php.ini) than call your webhoster and ask him, what you can do :)

CHECK FOR DUPLICATE FILE WITH

$ sha1_file($file)

$ md5_file($file)

$ file_get_contents($file)

Is SHA sufficient for checking file duplication? (sha1_file in PHP)

GET PATH OR FILE URL

 echo __DIR__; 
 echo __FILE__; 

ternary operator

php short if/else
PHP Shorthand If / Else Examples
Shorthand comparisons in PHP

PHP ERROR HANDLING IN SCRIPT

Exceptions
 try{}
 catch{}
 finally{}
Laufzeit-Konfiguration

prevent code injection attacks in PHP

mysql_real_escape_string used when insert into database
htmlentities() used when outputting data into webpage
htmlspecialchars() used when?
strip_tags() used when?
addslashes() used when?

htmlspecialchars() used when?
htmlspecialchars

htmlspecialchars is roughly the same as htmlentities. The difference: character encodings.

Both encode control characters like <, >, & and so on used for opening tags etc. htmlentities also encode chars from other languages like umlauts, euro-symbols and such. If your websites are UTF, use htmlspecialchars(), otherwise use htmlentities().
How to prevent code injection attacks in PHP?

ALL POST DATA PHP

foreach ($_POST as $key => $value) {
   echo "Field ".htmlspecialchars($key)." is ".htmlspecialchars($value);
 }

PHP: Possible to automatically get all POSTed data?

How can I prevent SQL injection in PHP?

How can I prevent SQL injection in PHP?

SETCOOKIE WITH PHP AND CHECK|READ

[1]