I am just starting in web development, and I am having trouble getting php to work. I have access to a domain on my universities' server that should have php installed, although I'm not entirely sure about that.
This is the code I am trying to run.
<html>
<body>
<p>
testing to see which scripting languages work
</p>
<?php
echo "php works";
?>
<script type="text/javascript">
document.write("javascript works")
</script>
</body>
</html>
I notice you are able to 'run' HTML and javascript code by opening the text file with a browser (I use Chrome). But when I view the page source inside the browser, the php is commented out. This same code is loaded onto my website the university provides, and the same thing happens there.
I've looked around for how to solve this, I figured you need to have some sort of flag indicating the page runs php, but I can't find anything.
Here is my webspace if it helps:
Removed for privacy purposes
Thanks everyone for the responses, I was able to get it to work by changing it to a php file.
The usual flag for indicating that a file contains PHP is to give it a filename ending in .php.
Support from the server is, of course, required.
In more general terms, there are lots of different ways that this can be done, but they depend on the specific web server software that is being in use.
With Apache HTTPD, you use the directive SetHandler application/x-httpd-php inside a conditional.
For example, to take the Debian php5.conf file:
<FilesMatch "\.ph(p3?|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>
This causes any files with a name that matches that regular expression (i.e. end in .php, .php3 or .phtml) to be processed by PHP.
For certain, your server is running php. I tried to invent a web page name that i was certain didn't exist and got this error:
Apache/2.2.3 (Red Hat) DAV/2 mod_pubcookie/3.3.4a PHP/5.1.6 mod_python/3.2.8 Python/2.4.3 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5 mod_perl/2.0.4 Perl/v5.8.8 Server at home.engineering.iastate.edu Port 80
You're running PHP, alright. Like everyone else has mentioned, you'll have to ensure that the filename extension of that file whose code you posted above ends in .php then try it again.
You can't just open a php script in a browser, because it has to be executed by the php program first. This is done by a webserver (you can install one to test on your own machine, see, e.g., XAMPP).
If the server is configured to execute php (which it seems to), you should be able to make it work by naming your script index.php. The file extension .php tells the server to run the script first before sending anything to the browser.
Related
I've installed WIndows 10 version of XAMPP with MySQL (MariaSQL) & PHP version 5.6.28
The SQL is working just fine, i.e., I can log in, create DATABASE, etc.
php -v works fine on the command line ... PHP 5.6.28 (cli)...
phpinfo.php works as expected.
It tells me display_errors is ON
php.ini = display_errors=On
As a php script: mysql_test.php output to the screen is fine.
<?php
echo "Hello World of PHP!";
echo mysql_connect ('localhost', 'joe', 'gonzo9876');
?>
When I embed it in plain vanilla HTML, i.e., http://localhost/mysql_test.html
The php code won't echo/print on the screen
- and -
when I right-click for viewing the source code, the php code is visible
- and -
the Google debugger has converted the php tags to
Your Apache, by default, will only run files with .php extension as PHP. .html will be displayed to browser as is.
You need to either:
Rename your file from mysql_test.html to mysql_test.php; or
Config your Apache to also treat .html files as PHP script
The later one is an unusual practice. I wouldn't recommend it.
Basically no hosting provider will do it. So even if you make it work in your XAMPP setup, it won't work in any normal shared hosting. So if you potentially need to move your code to a shared hosting, please don't do it.
You can't process the PHP code inside html page with .html extension(without parse). It's only for rendering html, if you wanna use embed/mix both php with html, then use .php extension instead as PHP is server-side scripting language. When talking about server-side language, you need a server either local(xampp,wampp,etc..)/production server to host and run your apps.
Reflect to Commenter's comment :
Another workarounds is by telling the Apache to treat .html as .php and with this, you can mix php code with html by using .html, but it's just kinda a HACK for me(personal perspective). Well the choice is yours.
You need to make extension .php if you want to put php code inside html tags. But if you do not want to show .php, please use .htaccess for url rewrite. You can make file as .php but with .htaccess you can show as .html so user will see it as .html.
RewriteEngine On
RewriteRule ^test.php test.html [R=301,L]
or something like this, please search for url rewrite for more detail.
I've got this jQuery function:
function phpmail(){
$.post('mail.php',{name:$("#name").val()},
function(out){
alert(out);
});
}
and this PHP script in mail.php:
<?php
$name=$_POST['name'];
echo $name;
?>
However, each time when I click a button, I get PHP code and not the variable, so can someone explain me what I'm doing wrong?
I'm testing this on my local computer using WAMP.
maybe you test it using wrong url (on the browser)..
it should start with http://localhost/
not file:///c:\wamp\bla
This is a serious issue. You should make sure that php is correctly installed on your instance, otherwise anyone could see your code. Also make sure that your web server is not treating your cgi files as plain-text/html
This has nothing to do with either your PHP or JavaScript code. The problem is that your web server is misconfigured. It isn't recognizing ".php" as PHP code and therefore not parsing it.
You need to tell your web server that files with a ".php" ending are to be handled by PHP. You don't mention which web server you're working with so it's difficult to give you precise instructions for that but for what it's worth, here's the relevant portion of my Apache configuration.
<IfModule mod_php5.c>
<FilesMatch "\.ph(p3?|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>
# ...bunch of irrelevant stuff here
</IfModule>
Of course, in order for PHP to work at all, the module must be loaded like so:
LoadModule php5_module /usr/lib/apache2/modules/libphp5.so
However, if you're running Linux, it is strange if you have to configure this yourself. But then again I don't know what you're running.
Web servers differ quite a bit from each other, so it's difficult to give you good instruction without more information on your runtime environment. Are you running Apache or IIS or Lighttp etc.? - Are you running on Windows or Linux or Mac? If Linux, which distribution, Debian or Fedora Core or Ubuntu?
Do you config you Web Server(Such as Apache or nginx) correctly? Do you handle the php file as the plain text??
I have to do a php project. I done php before so I understand the syntax for the most part. Just for a test, I made a file.php and in it I wrote:
<html>
<body>
<?php echo "helloWorld"; ?>
</body>
</html>
Well it won't display. The screen is blank. I tried it in chrome, firefox, IE and nothing wants to dispaly. Actually in IE, the source is displayed which is wierd. I also tried it without all the html and just used xampp to render it. It will not work. If I right click tho in the browser and view source, the code is there. Any ideas on what's going on?
Well, it comes from your web server configuration. If you're using Apache, have you enabled the mod-php module?
If you're new to setting up your own server, i would recommend using XAMPP (or WAMP), these are preconfigured PHP, Apache and MySQL servers.
If you're sure you have setup your server correctly check the following:
Make sure your executing your files from the server directory and NOT from a local directory. (your URL should look something like "http://localhost/test.php")
Note: You will need to phisically store the files in a place the apache server will look for, an example from XAMPP (on Windows, as thats what im assuming your using) is: "C:\xampp\htdocs"
Make sure your file ends in .php or something else that the Apache server will pickup as a PHP file. (.php3, .php4, etc)(make sure you didn't accidentally leave a .txt or something like that at the very end)
Check mod-php module is enabled (as Julien mentioned)
Hope that helps!
Edit:
Try
<?php
phpinfo();
?>
That as well, it should give you the php configuration information if the server is setup correctly.
EDIT2:
I see that you are using XAMPP, double check that the following file exists at the very least:
"C:\xampp\apache\conf\extra\httpd-xampp.conf", it loads the PHP module
I am a new guy in web programming who still learning new stuff.
I am creating a web form that consist of one INPUT. I connected the form in the HTML file to the php file. I am using a localhost MAMP that I recently installed on my MacBook.
The Problem : When I open the HTML file on a webpage and type something on the input box and hit submit, the browser ask me to download the php file rather processing it.
I don’t think the problem is related to mysql or apache since when I run the MAMP it give me green signs next to the apache and mysql.
Do anyone know how I can fix this problem and the let the php file open and transfer inputs to the database?
You'll want to make sure that Apache has been told that .php files should be treated as PHP scripts. That means one of the following:
LoadModule php5_module modules/libphp5.so # on windows, this'd be a .dll instead
AddHandler php5-script php
and/or
AddType application/x-httpd-php php
in your httpd.conf file.
open your file from virtual web-server, not filesystem.
you have to type something like
http://localhost/form.html
in your browser's address bar
Did you checked out http://www.mamp.info/en/documentation/faq.html#q8 ?
Maybe you didn't put your site into the folder "htdocs"?
PHP won't be parsed unless it is located in that folder or a subfolder.
That would explain the fact that your browser downloads the php file instead of getting the parsed php from apache.
This error is not only about php but general. The file that the browser suggets to down load is simply the script name, php or not.
I am a PHP newbie and a have a php security question. Is it possible for somebody to get the source code of a php script file running on a server with default configuration? If so, what is the best way to be protected? I am asking this because I happened to download a php file when I requested a page from a site and what triggered my concerns. I think that maybe apache configuration was wrong and served that file to me like a simple file but I am not sure. Also what is the best place to keep "sensitive" data such as database or smtp configuration?
Thank you,
Alex
For the most sensitive information, I'd suggest putting it outside of your web root folder, and including it through "require" or "include". This way, even is some configuration gets botched on the server, the visitor will only get served the line "include('secret_stuff.php');" and not the actual script.
Exactly what David Dorward said but i would advise you take a look at the following patch(s) that would modify apache to not send source code's regards if there is a misconfiguration.
http://mirror.facebook.net/facebook/patches/ap_source_defense.patch
Patch like so:
cd apache-1.3.x
patch -p1 -i ap_source_defense.patch
More Patches from Facebook Development Team: http://mirror.facebook.net/facebook/patches/
The best way to protect your much needed source is to place them outside the public root directory, as if apache is running it will not be able to serve files directly from the folder up public_html
for example:
C:/server/apache/
C:/server/apache/htdocs/
C:/server/apache/htdocs/includes/
People can specifically view the files my going to
http://hostname.tld/includes/
but having the directory structure of:
C:/server/apache/
C:/server/apache/includes/
C:/server/apache/htdocs/
and then within
C:/server/apache/htdocs/index.php
you have
<?php
require_once('../includes/config.php');
?>
this should protect all major files bar the view file (index.php)
If the server is not configured to handle PHP files, then it will treat them like any other unknown file (and serve them as either text/plain or application/octet-stream.
PHP support is, as far as I know, always provided as an extension or external program (for CGI, FastCGI, etc) and never as a built in for an HTTP server.
If the server is properly configured to run PHP code, then people without direct access to the server cannot view the PHP source code. You don't have to do anything else.
It is only because that server was not configured to run PHP, and instead served it as text, that you could see the source.
If you have this line in your apache.httpd.conf file,
AddType application/x-httpd-php .php
Apache should deal with data, rather than showing them...
Also you need to start php services.
What you describe as "default configuration" is a webserver without php installed (or with php disabled). In these cases, it is certainly possible to download the php script.
Make sure php is installed (as it will be on ~100% of production php servers) and/or block access to your configuration file with an .htaccess file like this:
<FilesMatch "^config.php$">
Order allow,deny
Deny from all
</Files>
If you want to be extra-tricky (and work even on servers where .htaccess files are ignored), prefix the configuration file with .ht, like .ht.config.php. Most Apache(and some other webserver) configurations will refuse serving files beginning with .ht. However, in general, the only way you could be sure no webserver serves your file is to move it to a directory outside of the server's document directory. On most hosts you or your php script won't be able to access those though.
Your second problem are misconfigurations. There's not much you can do, albeit there might(?) be options to construct a rewriterule to prevent accidential accessibility.
The best prevention however is to keep all scripts outside of the DOCUMENT_ROOT. Just leave a single index.php there, and include all dependencies from there. This is also the best strategy to avoid leaking of configuration data (also don't use ini files for sensitive data, but always .php scripts).
Another worry are shared hosting servers however. All concurrent users on a server can read out your scripts (if not through PHP then via Perl/bash CGIs). Nothing you can do about that, unless you change to a professional hoster which supports running everthing through suexec and thus allowing individual permissions.
Well, "default configuration" is a vague term, but as long as the web server is configured to parse .php files through PHP, you should be fine from that angle. If your scripts themselves happen to parse other PHP files (for eg. a template system) then you need to make sure there aren't any loopholes in that too, since the PHP scripts have full access to your files on the server.
Assuming these are taken care of, you don't need to keep the "sensitive" data in any special place -- just put them in your .php files, but make sure all your scripts end in .php (for eg. config.inc.php) so that they are always parsed via PHP and not sent as plain text.