File Operation in PHP (Part 2)

Assalamualaikum and Selamat Sejahtera

Today we will learn these : fopen(),    feof()    ,fgets()    ,fclose().

1.Use the previous post text file.

2.Open the "www" folder,make a new PHP file called : openfile.php.Inside this file,write this code below.

<?PHP $file_contents = fopen("phpFILE.txt", "r"); print $file_contents; fclose($file_contents); ?>

3..Save it and run this file ,by type at the browser's address : http://localhost/openfile.php.


4.So,as we run it it will display this on the browser :

What we usually expect it,it will display the content of file.But it only display this words.For your information,this words are the pointer for phpFILE.txt. So,how to display it?well we will use the next function which is fgets(). Here is the code. <?PHP $file_handle = fopen("phpFILE.txt", "r"); while (!feof($file_handle)) { $line_of_text = fgets($file_handle); print $line_of_text . "<BR>"; } fclose($file_handle); ?>

So,before run this file.Open the phpFILE.txt first and then add another this statement :
1 2 3 4 5 6 7 8 9 10 end of file!

Okey,now run it....and of course la,the browser will display like this :

So,the function that we will discuss is feof().The meaning of feof is "file end of file".So,in while loop,it will keep asking the function "file end of file" either its already end of file yet.Function "file end of file" will be true when it reach at end of file.That why if we type while like this : while( feof ($file_to_handle) ) ,it will only show the end line of file only.

Furthermore,fopen(first parameter , second parameter) function for to open the file.The first parameter is for the name of file.The second parameter is for mode ,"r" is means read.Here is example of modes:

Modes	Description
r	Read only. Starts at the beginning of the file
r+	Read/Write. Starts at the beginning of the file
w	Write only. Opens and clears the contents of file; or creates a new file if it doesn't exist
w+	Read/Write. Opens and clears the contents of file; or creates a new file if it doesn't exist
a	Append. Opens and writes to the end of the file or creates a new file if it doesn't exist
a+	Read/Append. Preserves file content by writing to the end of the file
x	Write only. Creates a new file. Returns FALSE and an error if file already exists
x+	Read/Write. Creates a new file. Returns FALSE and an error if file already exists

That all for today
Thank you!

File Operation in PHP

Assalamualaikum and Selamat Sejahtera

1.Make a text file called phpFILE.txt.Inside that text file,just type "This is PHP file.You open this file!".

2.Then put this textfile inside the folder called "www".

3.Inside the "www" folder,make a new PHP file called : readfile.php.Inside this file,write this code below

<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title></title> </head> <body> <?php $file_contents = readfile("phpFILE.txt"); print $file_contents; ?> </body> </html>

4.Save it and run this file ,by type at the browser's address : http://localhost/readfile.php

Beside,there is another function same as readfile("nameofFILE.txt") which is called file_get_contents(the_file_that_to_be_read).Here is the example of code:

<?PHP $file_to_read = "readfile.txt"; print file_get_contents($file_to_read); ?>

That all for today,Thank You!!

Security PHP part(3)

Assalamualaikum and selamat sejahtera

As we already learn at previous post ,we only learn on function that just straightly print out the any special characters or code.But,unfortunately that function is not that dynamic because maybe some special characters or code,we think that it is not harmful.So,for this post we will learn a function that enable us to select any characters and this function will read the selected the characters instead of straightly print......Word is not good as i show the picture,ryte?So,below i show to you,the function that i talk about.

The function is:  strip_tags($string,tags-that-to-ignore);

So,here is the situation,we want the power up the security that we want to block any tags that might harmful such as anchor tag(<A HREF="aaa"></A>) that link to any website.But,for bold tag(<B></B>) is not a harmful tag ryte...it just bold some text.So,to make this situation happen.First,we copy first the previous code ,then find this line:

$name = $_POST['name'];
echo $name;

and change it to this:

$name = $_POST['name'];
$name = strip_tags($name, "<B>");
echo $name;

Run it,and type this code below inside the textbox ,then click the 'send'  button:

<B>Hye,i'm a bold text</B>

it should display right this,ryte?
 

   That all for today!!any question??just ask here

N/nOtE:So,we can unblock any tag that we want,just only one type of tag only.

Security PHP part(2)

Assalamualaikum and selamat sejahtera

Wow,its been a long time that i stop to post.Well,something happen must have some reason to cause  it happened ,right?huhuhu...the reason is i'am quite busy recently.doing some homework..like sweeping the leaves,throw some thrash,reading comic(Shin Chan),sleeping and some jobs that i think it quite reasonable to do,haha.Okey,just stop this some nonsense things,now we just continue what we have not done yet.

To follow this post please refer the previous post first.

There is a lot of ways to tackle this attack,so,for this post,we will only learn the two function to practice the security.

So,the first function is htmlspecialchars().Here is the example:

First copy this code:

 <html>
<head>
<title>Security PHP</title>

<?PHP

if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$name = $_POST['name'];
echo $name;
}

?>

</head>
<BODY>
<Form Method = "Post" action ="SecurityinPHP.php">
<input type = "text" name = "name" value ="Test full name">
<input type="submit" name="Submit" value="send">
</Form>
</BODY>
</html>

 and then,try to change this line:

$name = $_POST['name'];
echo $name;
 
to this:

$name = $_POST['name'];
$name = htmlspecialchars($name);
echo $name;

 Then,run your code and type this code below into the textbox,then click "send" button:

"<A HREF ="dummysite">A Bad/Virused Site</A>"
  
it should display right this ryte:

 So,it means that the textbox does not longer read any special characters or any code anymore just like the previous post.It just straightly print the code or any special characters without read it.It quite safe right.But how about if the attacker use the different language like Russia,Germany,Arabic and others than English.Do not worry we have another flexible function that called htmlentities().To test it,just replace it with htmlspecialchars()  at the code.

Thank you,that's all for today,See you next time,hahaha


N/NOte :i'm more prefer on htmlentities() rather that htmlspecialchars().If you got something to ask or to add,just comment here..^^

Security PHP

This summary is not available. Please click here to view the post.

HOW-TO-INCLUDE-FILE-PHP

Assalamualaikum and selamat sejahtera

Morning!!hope u in good condition or in happy mood...waaa its been a long.....time that i stop posting,huhu..whatever it is...let we start with the new technique that enable us to include a file by using a PHP code.Example,u got a php code and then u want to include some file that content php code too!!wow it sound something new!!ryte2??hahaha..shall we start...off we go!!!

so,we a file that named myFile.txt

inside myFile.txt type:

this is from myFile.txt

close myFile.txt.After that,here is PHP code:

<HTML>
<HEAD>
<TITLE>Include files</TITLE>
</HEAD>

<BODY>
<H3>Normal text here </H3>
This text written in HTML

<H3>Include File here</H3>

<?PHP include "myFile.txt" ; ?>

</ BODY>
</ HTML >

test it!!

okey,then edit myFile.txt.open it and change that text to be like this:

<?PHP

function PrintFromFile( ) {
print "This function from the myFile.php";
}

?>

then save n close it,go to code, search this line:

<?PHP include "myFile.txt" ; ?>  

change it,to be like this:

<?PHP include "myFile.txt" ;
PrintFromFile()
?>

explain:note that,inside the PHP code,we add the name of function that from included file that all.Okey run it!


N/NOTE:anything problem???

Header Function PHP

Assalamu'alaikum and selamat sejahtera

Have you ever wonder that a line of code that enable us just go the other website.I meant before this,we just run the php file then it just display as white background and what we can see form address column it just write "http://localhost/...".So,how us to run or execute the php file and then automatically change the address column to any website that we desire.Here is the code:
 
<?PHP
header("Location: http://www.google.com");
?>

run it!so it go to google page ryte?automatically!

N/NOTE:wah!!so fun!!hehe