UGN Security Forums Thread Like Summary - Useful PHP Functions & Code

Learner's Picks:
You will need the following(assuming you know html, xhtml, xml, or some markup to dissplay data)

date
http://us2.php.net/manual/en/function.date.php

sessions(login auth)
http://us2.php.net/manual/en/function.session-start.php
http://us2.php.net/manual/en/function.session-is-registered.php
http://us2.php.net/manual/en/function.session-unregister.php
http://us2.php.net/manual/en/function.session-unset.php

MySQL db functions(unless of course you want to learn a different db)
http://us2.php.net/manual/en/function.mysql-connect.php
http://us2.php.net/manual/en/function.mysql-close.php
http://us2.php.net/manual/en/function.mysql-query.php
http://us2.php.net/manual/en/function.mysql-fetch-array.php
http://us2.php.net/manual/en/function.mysql-fetch-assoc.php

MySQL links
http://dev.mysql.com/doc/mysql/en/delete.html
http://dev.mysql.com/doc/mysql/en/insert.html
http://dev.mysql.com/doc/mysql/en/update.html

Gizmo's Picks:
arrays:
http://us2.php.net/manual/en/function.array.php
http://us2.php.net/manual/en/ref.array.php

file_exists:
http://us2.php.net/manual/en/function.file-exists.php

file:
http://us2.php.net/manual/en/function.file.php

fopen/fclose:
http://us2.php.net/fopen
http://us2.php.net/manual/en/function.fclose.php

fsockopen:
http://us2.php.net/manual/en/function.fsockopen.php

other disk/file functions:
http://us2.php.net/manual/en/function.disk-free-space.php
http://us2.php.net/manual/en/function.disk-total-space.php
http://us2.php.net/manual/en/function.chmod.php
http://us2.php.net/manual/en/function.copy.php
http://us2.php.net/manual/en/function.delete.php
http://us2.php.net/manual/en/function.filesize.php
http://us2.php.net/manual/en/function.filetype.php
http://us2.php.net/manual/en/function.flock.php
http://us2.php.net/manual/en/function.is-writable.php
http://us2.php.net/manual/en/function.touch.php

BTW, if you're going to go off playing with MySQL you should also look into:

http://us2.php.net/manual/en/function.str-replace.php
http://us2.php.net/manual/en/function.stripslashes.php
http://us2.php.net/manual/en/function.strip-tags.php

so you don't go and get yourself owned...

Coding for Security:
Trust nothing from the user. Code every form as if you know a hacker is coming at it. Also safe guard from URL submissions. Remember the GET method. If someone views source on your form they will see all variables that will be passed. Even if you are using host, they can mess with the URL and try submiting malious code that way.

1.) Code like registered globals is off.
http://us2.php.net/variables.external

2.) Make sure the user came from the page the form is on. See the predefined variables
http://us2.php.net/manual/en/reserved.variables.php#reserved.variables.request

Here is a function snagged from PHP.net to make sure your forms are secure.
Useful Links:
If you are going into mySQL get very used to reading the manual on thier site.
http://dev.mysql.com/doc/mysql/en/tutorial.html

Also see thier forums
http://forums.mysql.com/

for thier PHP forum
http://forums.mysql.com/list.php?52

Most MySQL you can just see the info on PHP.net and run with it. Some tricky stuff you will need to look at thier manual and play with the PHP code to get it to work.

PHP.net MySQL functions
http://us2.php.net/manual/en/ref.mysql.php

Speaking of MySQL, here is a segment of code that I find extremely useful and efficient for what it does (forgive the PHP 4)



Gets all the rows for a query as opposed to just one, as is done with mysql_fetch_assoc. I find it extremely awesome.