+ Reply to Thread
Results 1 to 12 of 12

Thread: Learning PHP?

  1. #1
    Ultimate Member willy_ph's Avatar
    Join Date
    Oct 2001
    Location
    Trent University
    Posts
    2,414

    Learning PHP?

     
    Simple. Where's a good starting place to begin learning PHP? I code everything in notepad, so no need for any fancy programs that will do it for me.

    I'm looking mainly for sites that I can pick info up.

  2. #2
    Not Really a Member
    Join Date
    Oct 2001
    Posts
    27,879
    the links i usually point towards are www.devguru.com and www.programmersheaven.com ... I'm guessing they'd have something on PHP as well...

    You could also check out the TechIMO links there maybe some sites there
    Helicopters don't fly; they vibrate so much and make so much noise that the earth rejects them.

  3. #3
    Ultimate Member tobu's Avatar
    Join Date
    Jan 2002
    Location
    Brisbane, Aus.
    Posts
    1,464
    i elarnt of php.net
    --
    www.theburningcat.com

    All Your Cats Are Belong to Us

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Location
    New Hampshire, USA
    Posts
    641
    here are some excerpts from e-mails I have received. I'm not saying "don't learn PHP. What I am saying is that some security professionals I am aquainted with seem to think there are innate problems with the design of the language.

    <quote>
    Call me "chicken little", but I am getting worried about the looming
    Apache/PHP vulnerability out there:

    http://news.com.com/2100-1001-850752.html?tag=cd_mh
    http://security.e-matters.de/advisories/012002.html
    http://www.cert.org/advisories/CA-2002-05.html

    If you have a webserver on the internet with PHP I encourage you to
    patch it NOW.

    If the estimate of 1 million vulnerable php servers is correct, then
    as soon as someone creates a worm program that can get a shell on a
    vulnerable machine then all 1 million servers will be infected in
    about 2 hours (assuming one machine can try to infect 10 random IP's/sec).

    That would be worse than code red and a huge blow to Apache & OSS. :-(

    I hope I turn out to be chicken little...

    </quote>





    which was followed by this

    <quote>
    >> I'll go one better than that. If you use PHP, STOP. They have
    > > security bulletins released about once a week, it seems (o.k. I'm
    > > exaggerating A LITTLE). About the only "vendor" with more frequent
    > > releases is Microsoft...
    >
    > Eh, I don't buy that. Please back it up with some references.

    Ok, I'll back down partially in that upon review, many of the
    advisories I've seen I've mis-remembered; they were not actually PHP
    advisories, but for software written in PHP. However, just this year:

    http://online.securityfocus.com/archive/1/258995
    http://online.securityfocus.com/archive/1/258662
    http://online.securityfocus.com/archive/1/255037
    http://online.securityfocus.com/archive/1/254846
    http://online.securityfocus.com/archive/1/254005
    http://online.securityfocus.com/archive/1/250196

    Some of these are considered fairly minor, in that the vulnerability
    is a possible exposure of what may be considered sensitive info. Some
    of these are things that can be fixed by altering the configuration of
    PHP. The problem is that it shows a pattern of failing to think
    about programming security issues.

    There are also some earlier advisories which complain about the design
    of PHP encouraging the development of insecure code. It seems that
    writing secure PHP scripts is also very difficult, and there are quite
    number of advisories for software written in PHP, which are not
    necessarily the fault of PHP, but perhaps encouraged by the design of
    PHP.

    I stand by what I said: if you're using PHP, it is my opinion that
    you're better off from a security standpoint using something else.
    You have to worry about security problems in the software written
    using PHP, as well as those of PHP itself. For example, Perl has zero
    reported vulnerabilities over the same period of time, and only one
    report of a vulnerability in software written in it (a file disclosure
    bug caused by bad input validation). I personally don't feel that PHP
    has a track record that warrants confidence in the security of your
    web server, and possibly your network depending on other trust
    relationships with your web server. Better, mmore proven alternatives
    exist.
    </quote>

  5. #5
    Senior Member
    Join Date
    Oct 2001
    Location
    New Hampshire, USA
    Posts
    641
    on the lighter side of things: here is a cute story

    http://bbspot.com/News/2000/6/php_suspend.html

    (it's satire, but does have a link to php.net and they have a new CHM version of their PHP tutorial available for download)

  6. #6
    Senior Member
    Join Date
    Oct 2001
    Location
    New Hampshire, USA
    Posts
    641
    Now having posted the previous thread, I thought I should also post an excerpt from the most recent e-mail I have received on this topic. I have never played with PHP myself so I cannot make any rational judgment calls on the merit of learning PHP other than to say "the more you know, the more you know" if that has any correlation to actually DOING the things in life you want to do, go for it.


    <quote>
    OK, does anyone else see this? Paul and Ben are saying exactly the
    same thing: It's a matter of bad programming, not a bad programming
    language. Now, the truly amazing thing is that Paul and Ben
    actually agree on something. The slightly less astounding fact
    is that they are *STILL* arguing, despite the fact that they
    agree...

    Anywho.... PHP, like Perl, like C, like any other language will
    have security holes as long as people write sloppy code. It is
    a fact of nature. Yes, PHP has some problems. However, those
    problems aren't an issue until someone goes and does something
    stupid like write bad code that leaves the hole vulnerable. The
    same is true for Perl (see http://www.coconut-palm-software.com...-security.html).
    A great example is "Matt's Script Archive". Great programs. *BAAAAD*
    programming. There are all sorts of holes in most of the Perl scripts
    found there. This is why there are 200 Perl-related vulnerability
    checks in Nessus.

    There is no such thing as a "secure" language. The language of and
    by itself does nothing. It is not secure or insecure. It is the
    person writing the code. Thus buffer overflows, stack-smashing,
    elevated rights, etc.
    </quote>

  7. #7
    The Mad Redhatter storm2k's Avatar
    Join Date
    Oct 2001
    Location
    NJ
    Posts
    3,552
    i don't think php should be knocked down because like ctaylor said, it will have it's security holes like any other language, or program. windows has em, linux has em (i find on the redhat network site that my system falls out of date rather quickly these days), everything has them. it's impossible to make a perfectly secure language or system, because there are always those out there looking to exploit any hole that might exist.

  8. #8
    Ultimate Member willy_ph's Avatar
    Join Date
    Oct 2001
    Location
    Trent University
    Posts
    2,414
    I have to agree with Voogru. I've only been at this a day and already I can see how much more useful this language is compared to straight HTMl with javascript.

    So much easier too. No need for frames when you can just you the include() function.

    thsoo thsexy!!!
    The difficulty is to try and teach the multitude that something can be true and untrue at the same time. -- Arthur Schopenhauer

  9. #9
    Ultimate Member willy_ph's Avatar
    Join Date
    Oct 2001
    Location
    Trent University
    Posts
    2,414
    I guess I have to learn how to implement MySQL database functions into my code now.

    So much easier than straight HTML code once you're used to it. if there's anyone out there that is starting to get stressed with the limitations of HTML, PHP is the way to go!
    The difficulty is to try and teach the multitude that something can be true and untrue at the same time. -- Arthur Schopenhauer

  10. #10
    Senior Member
    Join Date
    Oct 2001
    Location
    New Hampshire, USA
    Posts
    641
    Willy_PH - glad to hear of your success. Enjoy the learning journey every step of the way!

  11. #11
    Senior Member MDdan's Avatar
    Join Date
    Dec 2001
    Posts
    857

  12. #12
    Ultimate Member Praetorian's Avatar
    Join Date
    Oct 2001
    Location
    Arizona
    Posts
    2,538
    Include rocks! I've cut down on the sizes of my pages by just using that command instead of having a header or footer static on every page. I'm learnnin' more and more about PHP with some help from Voogru here and its rather fun.

    MDdan: haha! I found that site a while ago and read that one. Poor kid.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Recommended Sites: ResellerRatings Store Reviews