Implementing PHP MySQL
PHP is the supported scripting language on Eos. It can be used for programming web sites that reside in /afs/eos/engrwww/ (see our list of hosted domains).
You embed PHP scripts inside HTML pages so your coding and HTML reside in the same file. You also name these files with .php extensions, rather than .htm or .html, and place them in your web locker. The server parses them for you automatically, so you do not have to compile anything or install extra tools.
See more benefits from What can PHP do?
PHP and Javascript
PHP is a very powerful language that can do many things with HTML. Clients do not have control over the execution of PHP scripts as they do with JavaScript. If a client has JavaScript turned off, important functions cannot execute. With PHP, they can. In contrast, JavaScript can trigger events within the browser window such as image rollovers and pop-up windows. PHP cannot do this, but it can dynamically generate JavaScript in HTML documents to do a wide variety of functions client-side.
PHP and Perl/CGI?
PHP has replaced Perl-based CGI scripting on our college web sites. Perl and CGI are no longer supported, and anything written in them must be converted to PHP if it is to continue being used.
The security risks are fewer, and control from the server side greater with PHP than with CGI. PHP's behavior can be highly customized, and with configuration directives on the server, we can enforce how much memory a script allocates, how long a script is allowed to execute, what native functions a script is allowed to call, etc.
PHP is generally considered stronger than Perl for database connections, and many users are beginning to hook databases into their sites. MySQL is the supported database in our web infrastructure.
Implementing PHP
Some restrictions exist on the use of PHP in college web space. Read the following very carefully before setting up your site for PHP, and contact ITECS (eoshelp AT ncsu.edu) if you have any questions.
- By default, PHP is not able to write files anywhere in your web locker, but you can request that a portion of a site be writable to PHP. It is recommended that you use a folder called _data for storing files with PHP. This ensures that the only way to access this data is controlled by the PHP scripts you write and local users with AFS access, not general web users. Once a PHP script has written a file in _data, other PHP scripts in your site can read and write to this file; see Guidelines for PHP Writable Web Space.
- Reading and writing into the file space is limited by the "open base dir = ./ " restriction, which means that the files a PHP script reads and writes must be located in the directory that contains the script or in a directory beneath it. Your scripts cannot read or write to any directory above the directory that contains the PHP script.
For example, if you follow "open base dir = ./ " rules:
/afs/eos/engrwww/engr/news/locker/script.php
can write to:
/afs/eos/engrwww/engr/news/locker/log.txt
/afs/eos/engrwww/engr/news/locker/_data/log.txt
/afs/eos/engrwww/engr/news/locker/users/j/jdoe/log.txt
but not:
/afs/eos/engrwww/engr/
/afs/eos/engrwww/engr/news/
/afs/eos/engrwww/engr/news/other/
Note that even if a file can be accessed following "open base dir = ./ " rules, it cannot be written to unless it is in a folder the web server has write access to (see 1 above).
- Because of security concerns with private data on the web, our servers provide a mechanism to protect a portion of the site. Any folder (directory) called data or _data is blocked from being delivered directly to a browser by the server. You will need to write a script to make PHP serve content out to the web. The PHP script you write, which is fairly simple and covered in most PHP books, takes requests for files, generates the proper HTTP header, and sends the file.
- Register Globals is turned off on college web servers. This helps prevent malicious users from setting the values of variables in PHP scripts to control or alter the way the script works. When enabled, Register Globals collapses all GET, POST, and Cookie data and "injects" it into the program. Many programs that rely on this feature contain bugs that can be exploited. Using the Super Globals instead is the preferred method.
- Additionally, some PHP functions have been disabled and will not operate when used within scripts. The set of disabled functions includes:
- dio_* (All direct I/O functions.)
- dl
- escapeshellarg
- escapeshellcmd
- exec
- ini_alter
- ini_set
- openlog
- passthru
- popen
- proc_* (All process functions.)
- putenv
- set_time_limit
- shell_exec
- socket_* (All low-level socket functions.)
- syslog
- system
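
The file-serving script described in the _data item above, as an added example (not code from ITECS): it takes a file request, checks it, sends the HTTP headers, and sends the file. The script name download.php, the "file" parameter, the extension list, and PHP 5.4 or later are assumptions.

```php
<?php
// Added example: serve files out of the protected _data folder.
// Assumptions: saved as download.php in the directory that contains _data
// and requested as download.php?file=report.pdf (hypothetical names).

// Only these extensions are served; each maps to its Content-Type.
$allowed = array(
    'pdf' => 'application/pdf',
    'txt' => 'text/plain; charset=utf-8',
    'csv' => 'text/csv; charset=utf-8',
    'png' => 'image/png',
);

function fail($status, $message) {
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    echo $message;
    exit;
}

// Read the request from the $_GET superglobal (Register Globals is off).
// Flat names only: no slashes, no leading dot, no quotes or control bytes,
// so the name is also safe to echo into a response header.
$name = isset($_GET['file']) ? $_GET['file'] : '';
if (!is_string($name) || !preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*$/', $name)) {
    fail(400, 'Bad file name.');
}

$ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
if (!isset($allowed[$ext])) {
    fail(403, 'File type not allowed.');
}

// Resolve symlinks and ".." and confirm the result is still inside _data.
$base = realpath(__DIR__ . '/_data');
$path = realpath($base . '/' . $name);
if ($base === false || $path === false || !is_file($path)
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
    fail(404, 'Not found.');
}

// Put your own access check here if the data is not meant for every visitor.

header('Content-Type: ' . $allowed[$ext]);
header('Content-Length: ' . filesize($path));
header('Content-Disposition: attachment; filename="' . $name . '"');
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The script calls none of the disabled functions listed above and reads only beneath its own directory, so it stays within the "open base dir = ./ " restriction.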
See PHP and Webtest at Testing and Staging