Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Sharon Levy's Blog:
PHP Version
Jan 05, 2012 @ 19:20:40

Sharon Levy has a new post to her blog showing a trick she's come up with to show the PHP version information (usually found in the phpinfo) even when it's disabled.

Sometimes the most crucial, basic piece of information can seem so hard to find. For example, suppose you wanted to find out what version of PHP your remote webhost provides to shared hosting users? What would you do? [...] For development purposes it can be helpful having phpinfo() available, but on a live shared host, you may discover as I did recently that it is no longer available; your host may have disabled it.

She includes three other ways you can use to get the version of PHP you're working with:

  • If you have command line access, running "php -v"
  • Using the phpversion function (or PHP_VERSION constant)
  • Appending a certain value to the URL (only works in some cases)
tagged: find version language method phpinfo phpversion url

Link:

PHPBuilder.com:
The ABC's of PHP Part 3 - Basic Script Building in PHP
Mar 26, 2009 @ 12:56:40

PHPBuilder.com has posted the next article in their "ABCs of PHP" series looking at some basic techniques for building your first scripts.

Welcome to part 3 of my 10 part series on PHP. In the first two parts I introduced you to the language and to what software you needed to run it. In this episode we will look at some simple PHP syntax, and we'll write a couple of small scripts to get our feet wet, and get a feel for the language.

Their first script mixes HTML and PHP together to make a "Hello World" web page. They also give the example of a phpinfo function call to get the settings for the current PHP installation.

tagged: abc introduction first script technique phpinfo

Link:

PHP 10.0 Blog:
Production mode
Dec 18, 2006 @ 14:43:00

In an effort to get some thought going about ways to encourage security in PHP applications, Stas has posted an idea about a simplified php.ini setting - production=On.

His idea is that, with this setting on, the PHP installation would:

  • disable display errors
  • disable phpinfo()
  • turn expose_php off
  • make max_execution_time/memory_limit reasonable
  • and possibly a few others that some developers forget to set correctly
Comments on the post range from disagreement to suggestions on improvement and support.

tagged: production mode phpini setting phpinfo exposephp displayerrors production mode phpini setting phpinfo exposephp displayerrors

Link:

PHP 10.0 Blog:
Production mode
Dec 18, 2006 @ 14:43:00

In an effort to get some thought going about ways to encourage security in PHP applications, Stas has posted an idea about a simplified php.ini setting - production=On.

His idea is that, with this setting on, the PHP installation would:

  • disable display errors
  • disable phpinfo()
  • turn expose_php off
  • make max_execution_time/memory_limit reasonable
  • and possibly a few others that some developers forget to set correctly
Comments on the post range from disagreement to suggestions on improvement and support.

tagged: production mode phpini setting phpinfo exposephp displayerrors production mode phpini setting phpinfo exposephp displayerrors

Link:

PHP Security Blog:
Suhosin 0.9.15 comes with Transparent phpinfo() Protection
Nov 29, 2006 @ 16:43:00

According to this new post on the PHP Security Blog, there's a new META tag the Suhosin extension includes in the output of a phpinfo page to help resolve some of the issues with Google (and buddies) storing the contents of the page, giving a potential attacker information they could exploit.

[The] extra META TAG to the HTML output of phpinfo() that forbids indexing and archiving by robots. For fairness reasons following the embedded links is still allowed to robots, because a lot of projects [...] to get at least a few backlinks for their work, that might result in a better search engine positioning.

The patch can be downloaded from their site.

tagged: suhosin extension transparent phpinfo protection suhosin extension transparent phpinfo protection

Link:

PHP Security Blog:
Suhosin 0.9.15 comes with Transparent phpinfo() Protection
Nov 29, 2006 @ 16:43:00

According to this new post on the PHP Security Blog, there's a new META tag the Suhosin extension includes in the output of a phpinfo page to help resolve some of the issues with Google (and buddies) storing the contents of the page, giving a potential attacker information they could exploit.

[The] extra META TAG to the HTML output of phpinfo() that forbids indexing and archiving by robots. For fairness reasons following the embedded links is still allowed to robots, because a lot of projects [...] to get at least a few backlinks for their work, that might result in a better search engine positioning.

The patch can be downloaded from their site.

tagged: suhosin extension transparent phpinfo protection suhosin extension transparent phpinfo protection

Link:

Nexen.net:
PHPInfo() Stats - Part 2
Nov 21, 2006 @ 16:51:00

Damien Seguy has continued his series looking at PHP configurations around the web and is sharing the results in the form of two new reports over on Nexen.net.

I just published the second part of the serie about PHP configurations. This part focuses on three aspects of PHP: PHP extensions, PHP streams, and disabled functions.

You can find the statistics themselves here and the latest configuration statistics here. It's interesting to see the drop-off when it comes to the various modules that are installed ("php, ftp and http are the most common. Besides them, tough luck.") and to see the somewhat more gradual curve of which functions are disabled - with system() topping out the list (with good reason).

tagged: phpinfo statistics streams extensions pecl disabled functions graph phpinfo statistics streams extensions pecl disabled functions graph

Link:

Nexen.net:
PHPInfo() Stats - Part 2
Nov 21, 2006 @ 16:51:00

Damien Seguy has continued his series looking at PHP configurations around the web and is sharing the results in the form of two new reports over on Nexen.net.

I just published the second part of the serie about PHP configurations. This part focuses on three aspects of PHP: PHP extensions, PHP streams, and disabled functions.

You can find the statistics themselves here and the latest configuration statistics here. It's interesting to see the drop-off when it comes to the various modules that are installed ("php, ftp and http are the most common. Besides them, tough luck.") and to see the somewhat more gradual curve of which functions are disabled - with system() topping out the list (with good reason).

tagged: phpinfo statistics streams extensions pecl disabled functions graph phpinfo statistics streams extensions pecl disabled functions graph

Link:

Ilia Alshanetsky's Blog:
Reliably locating phpinfo()
Oct 23, 2006 @ 16:26:00

In his latest post, Ilia Alshanetsky shares a handy (and a little scary) tip on finding the location of a phpinfo page reliably to help figure out the common PHP settings developers out there are using.

The problem with finding a reliable pool of such pages is that basic search often contaisn many blog, forum, bugs.php.net and alike entries which area copy & paste outputs from users. This maybe fine in some instances, but what if you just want the real phpinfo() pages. The answer is surprisingly simple.

His solution? To search for an element always in the page, but unique to it - usually the term you're looking for (like his suggestion of "Zend Scripting Language Engine"). He links to two result sets, one from Google and the other from Yahoo.

Besides the phpinfo information, Ilia also mentions the other handy data you can find with similar searches to major search engines like Apache header information.

tagged: phpinfo locate statistics search engine term keyword apache header phpinfo locate statistics search engine term keyword apache header

Link:

Ilia Alshanetsky's Blog:
Reliably locating phpinfo()
Oct 23, 2006 @ 16:26:00

In his latest post, Ilia Alshanetsky shares a handy (and a little scary) tip on finding the location of a phpinfo page reliably to help figure out the common PHP settings developers out there are using.

The problem with finding a reliable pool of such pages is that basic search often contaisn many blog, forum, bugs.php.net and alike entries which area copy & paste outputs from users. This maybe fine in some instances, but what if you just want the real phpinfo() pages. The answer is surprisingly simple.

His solution? To search for an element always in the page, but unique to it - usually the term you're looking for (like his suggestion of "Zend Scripting Language Engine"). He links to two result sets, one from Google and the other from Yahoo.

Besides the phpinfo information, Ilia also mentions the other handy data you can find with similar searches to major search engines like Apache header information.

tagged: phpinfo locate statistics search engine term keyword apache header phpinfo locate statistics search engine term keyword apache header

Link:


Trending Topics: