httpOnly cookie flag support in PHP 5.2
http://ilia.ws/archives/121-httpOnly-cookie-flag-support-in-PHP-5.2.html
Thanks to a patch from Scott
MacVicar that I've just applied to CVS, PHP 5.2 will have support for
the httpOnly cookie flag. This neat little feature allows you to mark a
newly created cookie as HTTP only, in other words inaccessible to
browser-based scripting languages such as JavaScript. This means it
would become far more difficult, if not impossible, to steal a user's
cookie-based session by injecting JavaScript into a page and then using
it to read cookies.
This flag can be toggled by passing TRUE as the 7th parameter to the
setcookie() and setrawcookie() functions. Ex:
PHP:
<?php
// The 7th argument (TRUE) marks the cookie as httpOnly.
setcookie("abc", "test", NULL, NULL, NULL, NULL, TRUE);
setrawcookie("abc", "test", NULL, NULL, NULL, NULL, TRUE);
?>
Support for the httpOnly flag extends to the session extension as
well, where it can be enabled by setting the session.cookie_httponly
INI setting to 1, or by passing TRUE as the 5th parameter to the
session_set_cookie_params() function.
PHP:
<?php
// Either call must run before session_start() to affect the session cookie.
ini_set("session.cookie_httponly", 1);
// or
session_set_cookie_params(0, NULL, NULL, NULL, TRUE);
?>
Unfortunately, at this time according to my tests no other browser has
adopted this rather handy feature, but with the continual increase of
XSS attacks, I am sure they'll adopt this concept soon.
If you are using PHP 4 or PHP 5.1, you can add this flag yourself by
sending cookies manually via the header() function and appending the
; httpOnly flag to the cookie, as shown in the example below:
PHP:
<?php
header("Set-Cookie: hidden=value; httpOnly");
?>
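A fuller version of the manual header approach above, as an added example that is not code from the original post: it builds the whole Set-Cookie line (expiry, path, domain, secure) with the httpOnly flag, rejects characters that would break or inject headers, and avoids overwriting cookies already queued. The helper names httponly_cookie_header() and send_httponly_cookie() are hypothetical, and the sample values are constructed.

```php
<?php
// Added example: build a Set-Cookie header by hand for PHP 4 / PHP 5.1.
// Both function names are hypothetical helpers, not part of PHP.

function httponly_cookie_header($name, $value, $expire = 0, $path = '',
                                $domain = '', $secure = false)
{
    // Reject names containing separators or control characters.
    if ($name === '' || preg_match('/[=,; \t\r\n\x0b\x0c]/', $name)) {
        return false;
    }
    // A ';' or line break in an attribute would add attributes or headers.
    foreach (array($path, $domain) as $attr) {
        if (preg_match('/[;\r\n]/', $attr)) {
            return false;
        }
    }

    // urlencode() is the value encoding setcookie() applies.
    $header = 'Set-Cookie: ' . $name . '=' . urlencode($value);
    if ($expire > 0) {
        $header .= '; expires=' . gmdate('D, d-M-Y H:i:s', $expire) . ' GMT';
    }
    if ($path !== '') {
        $header .= '; path=' . $path;
    }
    if ($domain !== '') {
        $header .= '; domain=' . $domain;
    }
    if ($secure) {
        $header .= '; secure';
    }
    return $header . '; httpOnly';
}

function send_httponly_cookie($name, $value, $expire = 0, $path = '',
                              $domain = '', $secure = false)
{
    $header = httponly_cookie_header($name, $value, $expire, $path, $domain, $secure);
    if ($header === false || headers_sent()) {
        return false;
    }
    // replace = false: keep Set-Cookie headers that were already queued.
    header($header, false);
    return true;
}

// Constructed sample values: a one-hour cookie sent over HTTPS only.
send_httponly_cookie('hidden', 'value', time() + 3600, '/', '', true);
?>
```

Called with its default second argument, header() replaces any earlier header of the same name, so a bare header("Set-Cookie: ...") can discard cookies set earlier in the request.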