It can be achived as follows.
A. Set enable_dl to Off in the server’s php.ini configuration file.
B. Add dl to the current value of disable_functions in the server’s php.ini configuration file.
Monthly Archives: May 2018
instanceof
instanceof is used to determine whether a PHP variable is an instantiated object of a certain class:
<?php
class A{
}
$obj = new A();
if ($obj instanceof A) {
echo 'A';
}
?>
loadHTMLFile
The function parses the HTML document in the file named filename. Unlike loading XML, HTML does not have to be well-formed to load.
This function may also be called statically to load and create a DOMDocument object. The static invocation may be used when no DOMDocument properties need to be set prior to loading.
Superglobals
Several predefined variables in PHP are “superglobals”, which means that they are always accessible, regardless of scope – and you can access them from any function, class or file without having to do anything special.
The PHP superglobal variables are:
- $GLOBALS
- $_SERVER
- $_REQUEST
- $_POST
- $_GET
- $_FILES
- $_ENV
- $_COOKIE
- $_SESSION
$_SESSION superglobals does not necessarily contain data from the client
password_hash()
password_hash() creates a new password hash using a strong one-way hashing algorithm. password_hash() is compatible with crypt(). Therefore, password hashes created by crypt() can be used with password_hash().
To hash a password, take the password string and pass it into password_hash the function as a parameter along with the algorithm you want to use, then store the returned hash into the database.
Following are the acceptable ways to create a secure password hash in PHP
A. crypt()
B. hash_pbkdf2()
C. password_hash()
Static Binding
Late Static Binding is something that helps us correctly resolve to static classes at run time. So when we use self keyword, PHP checks it at compile time which class to bind the method call to but when we use static keyword, PHP would check it late eg it would determine which class to use and bind method call to at runtime. Doing it at runtime is what helps PHP determine which class was meant.
Late static binding is used in PHP to use caller class information provided in static method call.
Standalone
The standalone declaration is a way of telling the parser to ignore any markup declarations in the DTD. The DTD is thereafter used for validation only.
- The standalone directive is an optional attribute on the XML declaration.
- Valid values are yes and no, where no is the default value.
- The attribute is only relevant when a DTD is used. (The attribute is irrelevant when using a schema instead of a DTD.)
- standalone=”yes” means that the XML processor must use the DTD for validation only. In that case it will not be used for default values for attributes , entity declarations and normalization
- Note that standalone=”yes” may add validity constraints if the document uses an external DTD. When the document contains things that would require modification of the XML, such as default values for attributes, and standalone=”yes” is used then the document is invalid.
- Standalone=”yes” may help to optimize performance of document processing.
Limit Resources
Following methods are available to limit the amount of resources available to PHP through php.ini
A. Limit the amount of memory a script can consume
B. Limit the maximum execution time of a script
Prevent PHP Open File
The following can prevent PHP from being able to open a file on the hard drive
A. File system permissions
B. File is outside of open_basedir
File Uploads Requirements
• The PHP directive file_uploads must be set to On
• The form’s method attribute must be set to “post”
• The form’s enctype attribute must be set to “multipart/form-data”