Last Updated: Jul 22,2010
i have some php files. but how to run them, which plugin i will have to install?
PHP is a server script language, the files are executed from a web server on which they have been uploaded.
No longer a contributing member. Account pending for deletion.
What a silly question.. sorry.. What exactly are you trying to do?
thanks much, i am downloading WampServer.
Unless you know what you're doing, your are REALLY not going to want to expose this machine to the internet. Unless you configure your server properly, PHP can introduce horrible security holes into your machine.
horrible security holes?????????
first time hear about it. what are they?
Well, in 2006 PHP accounted for 43% of identified security issues on websites. It certainly has gotten better since then, but the potential for misuse is still there. This article also gives a nice overview of the problems.
Some of them aren't specific to PHP (validating user input for example) but hit PHP hard because of it doesn't enforce standards. There are also PHP server settings like global variables that can be mis-set if you don't pay attention.
Here is a list of PHP related security articles that are worth a read. And this thread has an interesting discussion on PHP security. Yes, I hang out at LQ a lot.
Basically, PHP is pretty easy to learn, and a decent web stack isn't hard at all to set up (heck, there are a bunch of pre-packed ones like WampServer out there) so a lot of newbies can start tackling making their own web sites. But what is missing from almost all these discussions is the issue of security. If you're putting something on the web, it is going to be attacked, period. And unless you've taken steps to control access, monitor the state of the server, and have the ability to detect and recover from a breach, you have no business operating a web server. If you just slap something out there, sooner or later it will become a spam-spewing zombie and poorly coded PHP apps are one of the major vectors for turning those shiny servers into zombies.
Great post. I agree with most of what you said. The potential for security issues because of abuse or misuse is prominent with every technology out there though. From my educational and professional understandings PHP is the most stable server-side scripting language available. ASP is ran from windows os (enough said about this one), JSP is dependent on Java, etc...php is nearly standalone and can be ran from nearly any PC (and even mac now). One does need to be security minded though while programming with any technology as the potential for opening up an accidental security hole is by far controlled by the intelligence of the coder/operator. The main reason why there's so many issues which people have/make with PHP is because it is easy to learn and make simple things quickly...and it's free of course making it more widely used.
Separate names with a comma.