I am a complete PHP novice and I am just trying to write a simple web form and script that checks to see if the input matches a specific string. I have got that working no problem and just want to know if there is some way for the web form user to parse the script code and see what I am comparing to, therefore revealing the secret message to them.
Thanks in advance.
If there is a missconfiguration with your apache server, then it is a possibility. But other than that, PHP is server-sided scripting and will remain visible to only the server/FTP users.
Related
After realising that my web server wouldn't run php inside my html file I used an iframe which points to my php script.
It works as expected and now my site has a nice little comment form that the user can fill in and submit.
I opted for this instead of changing my hhtpd.conf because I don't think my web host allows it.
So my question is; is there any real danger of doing this? If the comment.php file were to mysteriously disappear an error would appear in my html which wouldn't affect the rest of my code. I can't think of any drawbacks unless there some server overhead I'm unaware of.
Any information would be welcomed.
Cheers!
If they (the html and php files) are located on the same server — should be no danger.
Just to clarify :
If you can 'run' the php in an iFrame, then you're able to run it in the main frame as well. the php that is generated for your iframe could as well be generated for the main frame.
So, no, there is no danger at at, but no, you don't need an iframe, I think you misunderstood somehow how php is working.
There is no php in html, php is (simplified) used in 2 scenarios :
first is to generate html that will be sent to the web browser,
the second is a script, that doesn't render any php but affects some internal files, like databases and such.
I just started reading up on PHP with mySQL, and I am just on the first page (http://php.about.com/od/phpwithmysql/ss/mysql_php.htm) and it says that I connect to my database within my PHP code by supplying my username and password.
My question is, would this not leave my password exposed for anyone to then access my database?
Now I have not learned yet if this connection code is written in a separate php file, or in php inbedded into my html code, but aren't all my files (php, css, js), all available anyways; otherwise how would people's browsers be able to see the results?
Thanks,
-Adrian
No. PHP is processed on the server-side, and is never sent (insecure application not withstanding) to the browser. You might also check out CodeAcademy's PHP track. I think that would probably be a better guide for you!
Php is server side language. It runs on your server so it wont be visible. (Unless you use any echo's or print ) :D
For a system I am developing I need to programmatically go to a specific page. Fill out one field in the form (I know the id and name of the input element), submit it and store the results.
I have seen a few different Perl, python and java classes that do this. However I would like to do this using PHP and havent found anything as of yet.
I do have the permission to do this from the site i am getting the information from as well.
Any help is appreciated
Take a look at David Walsh's simple explanation.
http://davidwalsh.name/curl-post
You can easily store the response (in this example, $result) in your database or logfile.
Usually PHP crawlers/scrapers use CURL - http://php.net/manual/en/book.curl.php.
It allows you to make a query from the server where PHP runs and get response from the website that you need to crawl. It returns response data in plain format and parsing it is up to you. You can manually check what does the form submit when you do it manually, and do the same thing via curl.
You also may try phpcrawl (http://phpcrawl.cuab.de), seems to fit all your needs.
(See "addPostData()"-method)
ive got a script i need to load into a page but its sensitive so i dont want to have to reveal the source of the script. Im aware that js runs client side, but is there some way i could load it server side with php / or just embed it server side to still be run on the users system ?
The script itself is a simple external js script like this :
<script type="text/javascript" src="myscripts.js"></script>
cheers
If you want your browser to run a script, it must receive the source code for that script. Your statement "embed the script server side" doesn't make much sense, nor does "loading it server side with .php". Either the browser receives the script code to execute (and thus, it is visible to the end-user), or it doesn't.
You can try using various obfuscation methods to make the source code harder to understand, but anyone with sufficient determination will get around this.
You could conceal the source location of the script that way, but not the source code. If you want it to execute on the client then you must sent it to the client. If you send it to the client then the user can execute it. Don't put secret business logic on the client side, handle it server side.
No there is not. The best you can do is to obfuscate your code to make it hard to reverse-engineer for non experienced user.
how do you execute a php script on a site thats not mine?i need to know this because, i found in a site where you have to multiply 2 large numbers and find its product within 1 sec....a normal man can't do this even with the help of a calculator, because what they meant was to program and find out the result...i know how to write that script but don't know where to put that script in that site and execute....any suggestions gladly accepted...
you can use php curl remote server access. but you must have the permission
I would check out the source of the page, and write a javascript to pull the numbers from the page and submit the answer.
You can use a Firefox addon such as Greasemonkey to run the script on the page.
https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/
If the site you need to submit the answer to uses a form, it might be possible to write your own form and post it to that site. Most sites block that kind of behavior though.