PHP
Basics and File Locations
PHP is a scripting language designed for server-side scripting on websites. It can also be used for general-purpose shell scripting.
PHP code is embedded inside of HTML web pages. Unlike JavaScript, it is processed on the server and the browser sees only pure HTML. The required extension is “.php”. PHP code can also be executed as a script file from the shell command prompt. To do this, start the file with “#!/usr/bin/php”.
It is possible to create a “.htaccess” file that specifies that files with “.html” extensions be parsed for PHP. This would be used only in special situations, when a page is static except for some minor element such as a clock, and it is desirable to have search engines treat the page as static content.
PHP content is delineated by “<?php” at the beginning of the code and “?>” at the end. Here is an example of code we used to use to include the Google search box at the bottom of our pages. It is easier to do it in PHP so that when Google updates their code, we only have to change it in one place.
<?php require_once('./../php/search_en.php'); ?>
Multiple lines of code can exist between PHP start and end tags and as many PHP code fragments as necessary may be embedded in an HTML page.
Our web server is equipped with Memcache and the necessary PHP backend to support PHP object caching. This greatly speeds up large applications like WordPress, myBB, Gallery, and the like. Some configuration may be required, or in some cases plugins may be needed, to take advantage of this functionality.
PHP documentation can be found online at http://php.net/docs.php.
There is also a manual page online that can be accessed by typing “man php”. This mostly deals with command line options.
Warning
PHP code executes with your permissions. If there is a flaw in your code that is exploitable remotely, your files and website may be damaged.
Many shared hosting sites execute all code under a common user ID. In that situation, a flaw in any user's code can result in damage to all users' websites. Here, where each user's website executes under its own user ID, only your own code can expose your own website.
Web designers should be very careful to eliminate any “../” back references, wildcard or regular expression references to filenames or commands, or references to files or commands starting at “/”.
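One way to apply this advice when a script chooses a file based on request input, shown as an added example that is not code from this site: the function name resolve_page, the “.html” suffix and the temporary demo directory are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Return the real path of "$name.html" inside $baseDir,
// or null if the request does not resolve to a file in that directory.
function resolve_page(string $name, string $baseDir): ?string
{
    // Allow only a plain name: letters, digits, underscore, hyphen.
    // This rejects "/", "..", "*", "?", NUL bytes and shell metacharacters.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory does not exist
    }
    // realpath() resolves symlinks and any relative parts of the path.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . '.html');
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment check: the resolved path must still sit under $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Forms the warning above is about, for comparison (do not use):
//   include $_GET['page'];            // "../" or a leading "/" reaches other files
//   system('cat ' . $_GET['file']);   // wildcards and metacharacters reach the shell

// Demonstration with constructed inputs in a throwaway directory.
$demo = sys_get_temp_dir() . '/php_pages_demo_' . getmypid();
mkdir($demo);
file_put_contents($demo . '/about.html', '<p>About</p>');
foreach (['about', '../about', '/etc/hosts', 'ab*', 'missing'] as $request) {
    $result = resolve_page($request, $demo);
    printf("%-12s => %s\n", $request, $result === null ? 'rejected' : 'accepted');
}
unlink($demo . '/about.html');
rmdir($demo);
```

The name check and the containment check are deliberately redundant: the first rejects traversal and wildcard characters outright, and the second catches a symlink inside the directory that points elsewhere.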