Page 2 of 2

Re: newb question: why php?

Posted: Thu Dec 15, 2016 1:11 pm
by Mikari
I also use php for easy layout editing. It can also be used to give the option of multiple layouts or "skins" and contact forms as well as other server side tricks like text/images that change depending on the date/time.

Re: newb question: why php?

Posted: Sat Jan 07, 2017 5:20 pm
by Crystal
Masao wrote:The other easy vulnerability is if you dynamically include files (like a page.php?name or a page.php?x=name), if you don't check that it's only including files on your server, someone could try to load an external file by typing it in the browser page.php?[insert full url of a malicious file]
I'm kinda confused by this because I use the page.php?name on all my sites. Could you explain it to me? :o

Re: newb question: why php?

Posted: Sun Jan 08, 2017 4:27 am
by Masao
On mobile, or else I'd include full code explanation, sobs I'm going to be without internet for a few more days :sob:

But basically, depending on how you include your page, it might not check for if the file you're including is locally existing or not.

So instead of including your own subpage.php, someone could include their remote file. But if your dynamic include is just using one file that splits content in itself, then it's not a problem.

Basically the stuff after the ? is the page query, so when you type that in your browser and it gets sent back to your server and php interprets it as a query, and your code can so whatever it likes with that info.

For url includes, it usually means the name of a file to include, or something to request back from the database. Our forum URL is an example of that: the numbers after their labels are the id of the correct forum section or topic to find in the database. And the code behind the scenes uses that id to fill in a SQL command that retrieves the info from the database.

Re: newb question: why php?

Posted: Sun Jan 08, 2017 5:41 pm
by Crystal
Okay yeah mine is just one file. I think I understand. Thanks for explaining it to me Masao! :D

Re: newb question: why php?

Posted: Fri Mar 24, 2017 1:43 pm
by nyxmidnight
Actually there isn't any PHP6! PHP went directly from 5.6 to 7.

But yes, PHP7 is much faster than the previous versions! You can check out what is new on the PHP.NET Manual.

Re: newb question: why php?

Posted: Fri Mar 31, 2017 5:55 pm
by Mikari
jacky999 wrote:Thank you! I read that all php codes are handled server side. What does it mean?

I am new to php. I hope my question does not look too silly.
It means that everything is processed by the server rather than by the person's computer and the page displays the end result. That's why if you view the source you'll see the code that was generated rather than the php itself.