PHP Guidelines / Introduction
- From: Aaron Glenn <aaron the-escape org>
- To: "Public discussion of gnome.org services" <gnome-infrastructure gnome org>
- Subject: PHP Guidelines / Introduction
- Date: Tue, 11 May 2004 00:29:33 -0500
On the PHP guidelines, under the Quoting section, you might add that
anyone using MySQL can use the mysql_escape_string() function for more
specialized MySQL quoting. Something worth noting about it is
mysql_escape_string() does not escape the % and _ characters.
From reading the Sysadmin meeting notes, I see you're looking at
security and directory restrictions; PHP offers 'safe mode' which offers
plenty of settings from comparing GID & UID to preventing execution of
external programs that are not in a specified directory to protecting
environment variables. PHP also offers the ability to disable one or
more functions whether or not the rest of safe mode is enabled.
An excellent resource for php security is of course the PHP manual (
http://www.php.net/manual/en/security.index.php )
I'm by no means an expert, but php is my hobby, and I'm willing to help
out where it is needed. I'm a regular on irc://irc.gimp.org/mgicchikn
(and soon the #sysadmin room if it is opened) and a recent GNOME fan.
Thanks, Aaron
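
The following is an added example, not part of the original message. It illustrates the point about `%` and `_`: quoting or binding a value for SQL does not neutralise LIKE wildcards, so they need their own escaping. The `escape_like()` and `search()` helpers, the `files` table, its rows and the choice of `!` as escape character are all assumptions made for illustration. An in-memory SQLite database via PDO (requires the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added illustration; helper names, table and data are constructed.

// Hypothetical helper: make LIKE wildcards literal, using '!' as the
// escape character (declared with ESCAPE '!' in the query below).
function escape_like(string $term): string
{
    // str_replace scans the input once, so the '!' added in front of
    // '%' and '_' is not escaped a second time.
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
}

// Hypothetical helper: run a LIKE search with a bound parameter.
function search(PDO $db, string $pattern): array
{
    $stmt = $db->prepare("SELECT name FROM files WHERE name LIKE ? ESCAPE '!'");
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE files (name TEXT)');

// Constructed sample rows.
$insert = $db->prepare('INSERT INTO files (name) VALUES (?)');
foreach (['report_2004.txt', 'report-2004.txt', '100%_done.txt', 'notes.txt'] as $name) {
    $insert->execute([$name]);
}

// Constructed user input, meant as a literal filename prefix.
$input = 'report_';

// Value is safely bound, but the '_' inside it still acts as a
// single-character wildcard in the LIKE pattern.
echo "Wildcards not escaped:\n";
print_r(search($db, $input . '%'));

// Wildcards in the user-supplied part are escaped; only the trailing '%'
// added by the application keeps its wildcard meaning.
echo "Wildcards escaped:\n";
print_r(search($db, escape_like($input) . '%'));
```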