Session clustering is used to provide scalability for keeping the session data in synch across a â€œclusterâ€ of PHP servers. The sessions reside on the machine in which they are created. These sessions are then delivered from one machine to another. This delivery is fully distributed. The Zend Session manager is used for transferring sessions from the system (session storage) to remote addresses.
Global variables in PHP can be registered using the session_register() function. It accepts different number of arguments, any of which can be either a string holding the name of a variable or an array consisting of variable names or other arrays
$_session can also be used for registering variables.
$_SESSION['count'] = 0;
Avoid the use of global variables. Hence it must be ensured that register_globals option is not enabled.
Use of variables designed to be set by GET or POST requests.
Store passwords in an encrypted format
Avoid storing credit card and other secured information. Trust a third party gateway.
Make use of server side validations and avoid trusting the user input.
Example: if the expected value is integer, use the intval function.
$post_id = intval($_GET['post_id']);
mysql_query("SELECT * FROM post WHERE id = $post_id");
User names and passwords in PHP can be encrypted using md5 function.
MD5 function calculates the md5 hash of a string. It is basically used for encryption. It is also used for digital signature applications, where a large file must be "compressed" in a secure manner.
Crypt() function can also be used to encrypt a string,. It used MD5, DES or blow fish algorithms for encryption.
Salt is an optional parameter used to increase the number of characters encoded, to make the encoding more secure
Chmod() is used for changing permissions on a file.
Mode here specifies the permissions as follows:
The first number is always zero
The second number specifies permissions for the owner
The third number specifies permissions for the owner's user group
The fourth number specifies permissions for everybody else
Possible values (to set multiple permissions, add up the following numbers)
PHP handles file uploads through different method.
POST method uploads: This allows user to upload both text and binary files. PHP has a number of authentication and file manipulation functions, a control over upload is possible.
Files can be uploaded in PHP by using the tag type=â€fileâ€. An upload form must have encytype="multipart/form-data" , method also needs to be set to method="post". Also, hidden input MAX_FILE_SIZE before the file input. To restrict the size of files
Opendir():- It opens the directory. This function returns a directory stream on success and FALSE and an error on failure.
Context is a set of options that can modify the behavior of a stream
Example: opens sample directory.
$dir = opendir("directory");
Readdir(): It returns an entry from a directory handle opened by opendir().
$file = readdir($dir);
Rmdir() removes the directory which is empty.
Context: optional. Context is a set of options that can modify the behavior of a stream
$var = "images";
echo ("Could not remove $var");
Copy() makes a copy of the file. It returns TRUE on success. It can copy from any source to destination. Move simple Moves the file to destination if the file is valid. While move can move the uploaded file from temp server location to any destination on the server. If filename is a valid upload file, but cannot be moved for some reason, no action will occur.
Static variables in C have the scopes;
1. Static global variables declared at the top level of the C source file have the scope that they can not be visible external to the source file. The scope is limited to that file.