newb question: why php?

Everything related to the visual and coding aspects of websites.
Mikari
Posts: 3159
Joined: Thu Jun 21, 2012 6:30 pm
Location: Coruscant
Contact:

Re: newb question: why php?

Post by Mikari »

I also use php for easy layout editing. It can also be used to give the option of multiple layouts or "skins" and contact forms as well as other server side tricks like text/images that change depending on the date/time.
Crystal
Posts: 2320
Joined: Thu Jul 19, 2012 5:02 pm
Location: Alberta Canada
Contact:

Re: newb question: why php?

Post by Crystal »

Masao wrote:The other easy vulnerability is if you dynamically include files (like a page.php?name or a page.php?x=name), if you don't check that it's only including files on your server, someone could try to load an external file by typing it in the browser page.php?[insert full url of a malicious file]
I'm kinda confused by this because I use the page.php?name on all my sites. Could you explain it to me? :o
There are shadows before us - but only because the light is at our back.
Masao
Host
Posts: 579
Joined: Thu Jun 16, 2011 12:29 am
Contact:

Re: newb question: why php?

Post by Masao »

On mobile, or else I'd include full code explanation, sobs I'm going to be without internet for a few more days :sob:

But basically, depending on how you include your page, it might not check for if the file you're including is locally existing or not.

So instead of including your own subpage.php, someone could include their remote file. But if your dynamic include is just using one file that splits content in itself, then it's not a problem.

Basically the stuff after the ? is the page query, so when you type that in your browser and it gets sent back to your server and php interprets it as a query, and your code can so whatever it likes with that info.

For url includes, it usually means the name of a file to include, or something to request back from the database. Our forum URL is an example of that: the numbers after their labels are the id of the correct forum section or topic to find in the database. And the code behind the scenes uses that id to fill in a SQL command that retrieves the info from the database.
THE FATE OF DESTRUCTION IS ALSO THE JOY OF REBIRTH.
Crystal
Posts: 2320
Joined: Thu Jul 19, 2012 5:02 pm
Location: Alberta Canada
Contact:

Re: newb question: why php?

Post by Crystal »

Okay yeah mine is just one file. I think I understand. Thanks for explaining it to me Masao! :D
There are shadows before us - but only because the light is at our back.
nyxmidnight
Communications Staffer
Posts: 1078
Joined: Sat Oct 13, 2012 7:55 pm
Location: Canada
Contact:

Re: newb question: why php?

Post by nyxmidnight »

Actually there isn't any PHP6! PHP went directly from 5.6 to 7.

But yes, PHP7 is much faster than the previous versions! You can check out what is new on the PHP.NET Manual.
Join in the Tale, in the Blight, of Conquest and Lies
Come the Sun, to Tarnish in the Sky
Vow that we shall Tear the Light - Dark seizes the Throne
Lost in thoughts, all alone
Mikari
Posts: 3159
Joined: Thu Jun 21, 2012 6:30 pm
Location: Coruscant
Contact:

Re: newb question: why php?

Post by Mikari »

jacky999 wrote:Thank you! I read that all php codes are handled server side. What does it mean?

I am new to php. I hope my question does not look too silly.
It means that everything is processed by the server rather than by the person's computer and the page displays the end result. That's why if you view the source you'll see the code that was generated rather than the php itself.
Post Reply