Re: Using a heredoc in PHP as in Perl [message #171934 is a reply to message #171910]
Fri, 21 January 2011 22:05
Twayne
Messages: 135 Registered: September 2010
In news:gC1_o.21382$cj2(dot)16456(at)newsfe08(dot)iad,
P E Schoen <paul(at)pstech-inc(dot)com> typed:
> "P E Schoen" wrote in message
> news:gb0_o(dot)3626$LB4(dot)1808(at)newsfe06(dot)iad...
....
>
> One downside to PHP may be the difficulty of installing it
> on my Windows machine for local testing and debugging. It
> seems I must also install and configure an Apache server,
> which is non-trivial. For Perl I am using ActivePerl which
> installs with just a click of the mouse.

Actually, Windows Apache servers are available in almost a turn-key
operation. It'll work for local testing right out of the box with XAMPP, in
fact. Then I just obtained the same rev of PHP the intended remote server
offered, and I was off and running in less than an hour counting download
time for the XAMPP package and PHP. IIRC it comes with PHP 5.2.3 or
thereabouts, so if your server admin is any good the Apache install and the
included PHP might all work right out of the box. Oh, it'll also run as a
service, of course, and comes with a phpMyAdmin panel.

Be sure to read the security tips if you're going to put it where the
'net has access to it; as a test setup, some security is missing and of
course all the errors are turned on, not something you want in production.

IMO it's a great product. I've never had a single problem with it except
for stopping to update it now and then. It's free, open source of course.
And there are other similar packages out there, but XAMPP is the one I
settled on, so it's all I can really talk about.

>
> Another downside of PHP is the lack of "Taint" checking,
> which makes Perl more secure in the case of subtle
> programming errors, or warnings really.

Never came across "taint" checking; that's new to me, or I know it by a
different name. If all you mean is checking user input for dubious or
erroneous values, PHP most definitely is easily capable of it. PHP above
version 5 can do some great things for sanitizing and preventing code
injection in form inputs, just about anything you can think of. JS seems to
be the favorite means of code injection in a gazillion different ways in
forms and PHP makes it pretty easy.

Warnings are something you NEVER want a visitor to see because it gives
away a lot of your methodology if someone is trying to hack you or find a
way in via a site form.

I don't mean to say that there is no other acceptable method; there
definitely is. But by minimizing 3rd party stuff and avoiding including
other applications midstream, I find I don't get lockups, crashes and other
nasty events that aren't expected.

Cheers,
Twayne

>
> I will need to see if I can code the equivalent to the PHP
> for HTMLpurifier in Perl:
>
> <?php
> require_once '../../library/HTMLPurifier.auto.php';
> $config = HTMLPurifier_Config::createDefault();
> $config->set('Core.Encoding', 'UTF-8'); // replace with your encoding
> $config->set('HTML.Doctype', 'XHTML 1.0 Transitional'); // replace with your doctype
> $purifier = new HTMLPurifier($config);
> $html = '<b>Simple and short'; // untrusted input HTML
> $pure_html = $purifier->purify($html);
> echo '<pre>' . htmlspecialchars($pure_html) . '</pre>';
> ?>
>
> Thanks for the help and patience with a newbie.
>
> Paul
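
The two points raised in the reply above (checking form input in PHP, and keeping warnings away from visitors) as an added example that is not part of the original thread. The field names `email` and `age` and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example; field names "email"/"age" and the sample input are constructed.
// Production-style error handling: log problems, never display them to visitors.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// Validate untrusted form fields with the filter extension (PHP >= 5.2).
function validate_form(array $input)
{
    $clean  = array();
    $errors = array();
    $email = isset($input['email']) ? trim($input['email']) : '';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid e-mail address.';
    } else {
        $clean['email'] = $email;
    }

    $age = filter_var(
        isset($input['age']) ? $input['age'] : null,
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1, 'max_range' => 120))
    );
    if ($age === false) {
        $errors[] = 'Age must be a whole number from 1 to 120.';
    } else {
        $clean['age'] = $age; // now a real integer, not the submitted string
    }

    return array($clean, $errors);
}

// Constructed sample input standing in for $_POST.
$samples = array(
    array('email' => 'paul@example.com', 'age' => '42'),
    array('email' => '<script>alert(1)</script>', 'age' => '42; DROP'),
);

foreach ($samples as $post) {
    list($clean, $errors) = validate_form($post);
    // Escape on output even after validation; raw input is never echoed.
    foreach ($clean as $name => $value) {
        echo htmlspecialchars($name . '=' . $value, ENT_QUOTES, 'UTF-8'), "\n";
    }
    foreach ($errors as $msg) {
        echo htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

On a production server the same two error settings are better placed in php.ini, since `ini_set()` only takes effect once the script has started running.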