PHP_lec1

The document provides an overview of PHP, an open-source server-side programming language used for developing dynamic web applications. It covers key features, uses, and how PHP interacts with web servers, as well as highlights important application security concerns and best practices. Additionally, it discusses PHP's syntax, variables, and case sensitivity.

Uploaded by

wweer830
Web Application Security

By
MSc. Noor Adel
Introduction to PHP
Main Points:
• Definition of PHP and its importance
• Key features of PHP
• Uses of PHP
• How PHP works with web servers
• Application security in PHP
• Frameworks and their role in application
development
• Best security practices in PHP
• Conclusion and open discussion
PHP Introduction
PHP (Hypertext Preprocessor) is an open-source
programming language used for developing dynamic web
applications.
It operates on the server-side and integrates with HTML to
generate dynamic web pages.
What Can PHP Do?
• PHP can generate dynamic page content
• PHP can create, open, read, write, delete, and close
files on the server
• PHP can collect form data
• PHP can send and receive cookies
• PHP can add, delete, modify data in your database
• PHP can be used to control user-access
• PHP can encrypt data

With PHP you are not limited to outputting HTML. You can
output images, PDF files, and even Flash movies. You
can also output any text, such as XHTML and XML.
Key features of PHP
• Easy to learn and use
• Fast development
• Compatible with many databases
Key Features of PHP:
• Open-source: Free and supported by a large
community
• Database support: Such as MySQL and PostgreSQL
• High performance: Provides fast responses for
dynamic applications
• Compatibility: Works on different operating systems
(Linux, Windows, macOS)
• Strong frameworks: Such as Laravel and Symfony for
large-scale application development
• PHP is FREE to download from the official PHP
resource: www.php.net
Uses of PHP:
• Creating dynamic websites
• Developing content management systems (CMS) like
WordPress
• Building e-commerce applications like Magento
• Developing APIs
• User login and management systems
How PHP Works with Web Servers:
PHP is installed on the server (like Apache or Nginx).
When a web page is requested, the server executes the
PHP code and returns the result as HTML to the
browser.
PHP can process user inputs and send dynamic
responses.
Application Security in PHP:
• The importance of cybersecurity in PHP:
    • PHP is used in the development of many applications,
      which makes them vulnerable to attacks if it is not used correctly.
• Common vulnerabilities in PHP:
    • SQL Injection: Malicious SQL code is inserted
      via inputs.
    • Cross-Site Scripting (XSS): Harmful JavaScript code
      is inserted into web pages.
    • Session Hijacking: User sessions are exploited to steal
      their data.
Instead of lots of commands to output HTML, PHP
pages contain HTML with embedded code that does
"something" (like in the next slide, it outputs "Hi, I'm a
PHP script!").

The PHP code is enclosed in special start and end
processing instructions <?php and ?> that allow you to
jump into and out of "PHP mode."
PHP code is executed on the server, generating HTML
which is then sent to the client. The client would receive
the results of running that script, but would not know
what the underlying code was.
Above is the PHP source code.
It renders as HTML that looks like this:
This program is extremely simple and you really did not
need to use PHP to create a page like this. All it does is
display "Hello World" using the PHP echo statement.

Think of this as a normal HTML file which happens to
have a set of special tags available to you that do a lot of
interesting things.
PHP Version
• To check your PHP version you can use the
phpversion() function:
PHP Comments

A comment in PHP code is a line
that is not read/executed as part
of the program. Its only purpose
is to be read by someone who is
looking at the code.
PHP Case Sensitivity
In PHP, all keywords (e.g. if, else, while, echo, etc.), classes,
functions, and user-defined functions are NOT case-sensitive.
In the example below, all three echo statements are
legal (and equal):
Ex:
<!DOCTYPE html>
<html>
<body>
<?php
ECHO "Hello World!<br>";
echo "Hello World!<br>";
EcHo "Hello World!<br>";
?>
</body>
</html>
However, all variable names are case-sensitive.
In the example below, only the first statement will display the
value of the $color variable (this is because $color, $COLOR,
and $coLOR are treated as three different variables).
Ex:
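<?php
$color = "red";
// Only $color is defined, so only this line prints "red".
echo "My car is " . $color . "<br>";
// $COLOR and $coLOR are different, undefined variables: nothing is printed
// for them, and PHP reports an undefined-variable notice or warning.
echo "My house is " . $COLOR . "<br>";
echo "My boat is " . $coLOR . "<br>";
?>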
PHP Variables
PHP Variables:
• Start with a $
• Contain only letters, numbers, and the underscore
• The first character after the $ cannot be a number
• Are case-sensitive
• Use a consistent naming scheme!
Ex:
<?php
$txt = "Hello world!"; // string
$x = 5;                // integer
$y = 10.5;             // float
?>
THANK YOU
