wooo!
making notes on de la php
we can aslways cat to see derricks code in examples...
arrays and functions maybe? 

$arr = array(ham,cheese,sauce,bread);
$c =count($arr);//wont return range of indexes
for($i=0;$i<$c; i++)
echo $arr[$i]."<br>\n"; //possible to have holes, watch out//
 
$arr = array ('0'=>1, '1'=>2, '2'=>3);

//growing the array//array_push($holes,123);
//might return boolean values goes to end
$holes[] = "new val";//addto an array

////////////////////////////////////////////
2/12/18
validate forms in php  
super global $_POST['fname'] unsanitaized'

if(isset($_POST) && !empty($_POST));
echo "recived a post
//has the user atemped to fill out the form get is visting, post is reciveing data

diffent kinds of validation, eamnil, username? certian ammount of sepcial chars in passwrd?

match to see if name = all chars 
if can add <h1> in a name field browser followed instructions
BUT!: <script> </script> can add code alert docu.cooky)
steling stuff alert xxs ;

how to sanitize data
validate requierments
form completely filled out
sanatize user data, create temp to store user input

$fname = $_POST['fname];


$fname = trim($fname); trim the space

$fname = strip_tags($fname);

$fname = htmlspecialchars($fname); // turns special signs into html coding verison

$fname = $db->mysql_real_escape($fname);

THEN PROCESS
echo "Thank you $fname";

make a function to do all the sanitization

3/5/18

OOP
in php? wow!
ask questions afterclass you damn dingle!
programing with respect to an object 
nested variables and such...

class definitions 


class Person {
 //contructer
deconstructor
accessor
mutator
only one per class

privat $name;
private $age;

public function  __contruct(){//assign default values
//instantitate a new object
echo" Im in the person constructor";


}
public function __destruct(){ // destroy the obj

}
:w
:q

public function __get($membervar){
return($this.->$membervar);
}
//always the arrow, never the dot
}


3/12/18
security vulnerability

form enctype='multipart/form-data" action =' ' method='post'>
input type = file name = ufile
input type = sumbit" value = upload
</form>

through the wire there is a stream
the server is making a connectio between you and the server
php.ini
check to see if file was downloaded completely
see if file size is too big, put a limit
takes up your space
check for file extentions
.jpeg, .txt etc..
methodologys
file upload
if download php could be malisioucs, 
<?php
if (isset($_POST)) && !empty($_POST) {

$_FILES //super global
asositive arry with name type, size temp name mailexention
check to see if file was actualy uploaded
if(is_uploaded_file($_FILES['ufile']['tmp_name']){
//success
move file before script ends
1.check for file size limit
if($_FILES[ufile][size >10240 10kb{
//error, too big, throw exception,exit,redirect
dont say why failed
}
such a thing as double extentions.. file.php.jpg 
command 
move_uploaded_file 1st param file to be uploaded, 2nd param is destination

once file is uploaded 
use php to echo an image tage

access file via get request
file will be exectued as owner, the owner
as entity you are hacking
what ever you upload it will belong to the server

email 

mail($to//where its going, $subject//     ,$content//body of message, [aditional headers $addParamas

contact form -> name email text message
$to = 'contactus@website.come//owner
$subj = "contact us .Date().name

$headers = from cc bcc


if (!mail ($to 
error

else


EMIAL INJECTION HEADER ARWE THE RISK!

disallow 


sensetive data stored in cookies
setcookie hye, i did this...
crossside request forgery