易截截图软件、单文件、免安装、纯绿色、仅160KB

httpOnly cookie flag support in PHP 5.2

http://ilia.ws/archives/121-httpOnly-cookie-flag-support-in-PHP-5.2.html
Thanks to a patch from Scott
MacVicar that I've just applied to CVS, PHP 5.2 will have support for
httpOnly cookie flag. This neat little feature allows you to mark a
newly created cookie as HTTP only, another words inaccessible to
browser based scripting languages such as JavaScript. This means it
would become far more difficult, if not impossible to steal a user's
cookie based session by injecting JavaScript into a page and then using
to read cookies.
This flag can be toggled by passing TRUE as the 7th parameter to the
setcookie() and the setrawcookie() functions respectively. Ex:
PHP:
<?
php
setcookie
(
"abc"

"test"

NULL

NULL

NULL

NULL

TRUE
); 
setrawcookie
(
"abc"

"test"

NULL

NULL

NULL

NULL

TRUE
); 
?>
The support of the httpOnly flag extends to the session extension as
well, where it can be enabled by setting the session.cookie_httponly
INI setting to 1. Or passing TRUE as the 5th parameter to the
session_set_cookie_params() function.
PHP:
<?
php
ini_set
(
"session.cookie_httponly"

1
);
// or
session_set_cookie_params
(
0

NULL

NULL

NULL

TRUE
);
?>
Unfortunately, at this time according to my tests no other browser has
adopted this rather handy feature, but with the continual increase of
XSS attacks, I am sure they'll adopt this concept soon.
For people using PHP 4 and PHP 5.1 you can add this flag yourself by
sending cookies manually via the header function and prefixing the
;httpOnly flag to the cookie as shown in the example below:
PHP:
<?
php
header
(
"Set-Cookie: hidden=value; httpOnly"
);
?>



相关文档:

Linux Enterprise5 下 php安装

前提: Apache 和 Mysql已经安装完毕。
php 版本:php-5.2.6.tar.gz
下载地址:
 ZendOptimiter-3.3.3-linux-glibc23-i386.tar.gz
下载地址:
1. 首先安装  GD库软件
libxml2-2.7.2.tar.gz
下载地址:
#tar -zxvf libxml2-2.7.2.tar.gz
#cd libxml2-2.7.2
#mkdir /usr/local/modules
#mkdir /usr/loc ......

php中如何关闭notice级的错误提示

php中如何关闭notice级的错误提示
2008-09-04 15:39
1.在php.ini文件中改动error_reporting
   改为:   
   error_reporting    =    E_ALL    &    ~E_NOTICE
如果你不能操作php.ini文件,你可以用下面的方法 ......

php中发送邮件的方法


   php中有两种方法:
         1,通过mail()函数发送
          2,Socket发送邮件
一,通过mail()函数发送:
   1,需要配置php.ini邮件信息
        打开php.in ......

php 目录和文件操作

<?php
//新建目录
mkdir("/path/to/my/dir", 0700); //0700表示权限最大
//删除目录
rmdir("/path/to/my/dir");
//遍历目录
$p =dir(/etc/php5);
echo "handler:".$p->handler;
while(false!=$entry=$p->read()){
    echo $entry."\n" ;
}
$p->close();
//输出文件内容
$handle=@ ......

PHP读取MSSQL数据出现乱码的问题

PHP读取MYSQL数据库或MSSQL数据库时,有时出现乱码,这是PHP.ini中配置和.php页面编码不一致引起的。
解决办法:
1、首先,将PHP.ini中设置为default_charset = "gb2312",然后重启Apache。
   这时从数据库中提取的结果集可以正常显示中文了,但.php页面中的列名也有可能显示乱码了。这样解决,
2、然后,PH ......
© 2009 ej38.com All Rights Reserved. 关于E健网联系我们 | 站点地图 | 赣ICP备09004571号