Essential PHP Security Book Cover
Essential PHP Security by Chris Shiflett
About | Contents | Buy Now | Reviews | Errata | Code
  1. Foreword
  2. Preface
  1. Introduction
  2. Forms and URLs
          ch02.pdf
  3. Databases and SQL
  4. Sessions and Cookies
          ch04.pdf
  5. Includes
  6. Files and Commands
  7. Authentication and Authorization
  8. Shared Hosting
  1. Configuration Directives
  2. Functions
  3. Cryptography
  4. Index

Errata

The following list pertains to errata in the first printing. In cases where errors exist in the code, they are corrected immediately in the code repository.

To report errors, please contact the author.

Page     Errata
x
Error:
    attracks
Correction:
    attacks
xi
Error:
    http://elists.oreilly.com
Correction:
    http://elists.oreilly.com/
URLs must contain the path to the resource. Although this goes against O'Reilly's style guide, technical precision is more important than style.
3
Error:
    /usr/local/apache/logs/error_log
Correction:
    /path/to/error_log
Both references to the error log on this page should emphasize the fact that this path is arbitrary.
6
Error:
    search = $_GET['search'];
Correction:
    $search = $_GET['search'];
10
Error:
    while (strpos($_POST['filename'], '..')
Correction:
    while (strpos($filename, '..')
Without inspecting $filename, this is an endless loop.
12
Error:
    printf
The entry for printf can be removed from the bulleted list, because a search for print includes these cases.
25
Error:
    <option name="pen">pen</option>
    <option name="pencil">pencil</option>
Correction:
    <option value="pen">pen</option>
    <option value="pencil">pencil</option>
26
Error:
    http://www.google.com
Correction:
    http://www.google.com/
30
Error:
    Red from the list and clicks Select
Correction:
    Red from the list and clicks Select
The words "Red" and "Select" should be in a fixed-width font.
36
Error:
    discoveries have revealed both weaknesses
Correction:
    discoveries have revealed weaknesses
This sentence has been reworded improperly, and the word "both" is now misleading.
39
Error:
    INTO user(last_name)
Correction:
    INTO users(last_name)
This isn't an error, but it is inconsistent with the naming conventions I use elsewhere in the book.
42
In Figure 4-2, the "No" path from "PHPSESSID in query string?" is not labeled.
55
Error:
    basename($_GET['filename'] ==
Correction:
    basename($_GET['filename']) ==
55
Error:
    /* $filename is within /path/to */.
Correction:
    /* $filename is within /path/to. */
56
Error:
    and the filename is treated as
Correction:
    and the original filename is treated as
82
Error:
    "$path/$sess_name"
Correction:
    "$path/sess_$sess_name"
83
Error:
    ENT_QUOTES, 'UTF-8'));
Correction:
    ENT_QUOTES, 'UTF-8');
This line of code (longest on this page) has an extra closing parenthesis.
90
Error:
    get_magic_quotes_gpc
Correction:
    magic_quotes_gpc

To report errors, please contact the author.