This material is for beginner programmers.

Error demonstration

Why do I so often see something like this when I go to a website:
Warning: Use of undefined constant LOCAL_SERVER - assumed "LOCAL_SERVER" in /web/includes/page-definitions.php on line 13

This is one of the standard PHP errors, which a) is ugly for the user; b) potentially dangerous.
Therefore, they need to be intercepted and ordered.

First, the error_reporting function allows us to decide which errors we want to see.
In principle, it is enough to simply turn off the display of all errors (error_reporting(0)), but this is not what we need, because we want to know about errors.
The constant for all errors is E_ALL.
In the fifth version, the E_STRICT constant appeared, showing strict comments about the code.
Of course, it is desirable to see them, but they are not included in E_ALL, so we will use the numerical value error_reporting(8191), which includes everything, up to new errors of the sixth version.

Note for the curious: error_reporting(E_ALL | E_STRICT) is not suitable, because then PHP 4 will swear, not knowing what E_STRICT is. There will be no problems with the numerical value.

We add a check for DEBUG - a constant set in the config, and, using set_error_handler, we will catch errors in an already running service. By the way, your error reporter must return true, otherwise PHP will throw a standard error.

(As for comparing a variable with five parameters, I’m not sure about the choice of method: in_array is more beautiful, and much slower, and switch case case is faster, but not at all beautiful. Beauty is a subjective matter...)


Prior to version 4.2.0, the register_globals directive was enabled by default in PHP.
This has led to the fact that many are accustomed to the fact that if there is a form in the form, then in PHP code you can check if ($username == "admin")...

However, this is a potential hole that has led to many hacks.
Therefore, POST, GET, COOKIE variables must be accessed through superglobals $_POST, $_GET, $_COOKIE.
Many found this too difficult and the import_request_variables command became very popular, returning everything to normal.
So here it is.
Do not do that.

Another problem with register_globals:
150) ( echo "Boom!"; ) ?>
If the user is not an administrator and the $user_level variable is not initialized
(it is not given the value 0 at the beginning of the script, in the hope that it will be 0 automatically),
then a bad person can add foo.php?user_level=999 in the address bar and gain access.

SQL injection and magic_quotes

This design is so popular among beginners

dangerous. If the user enters " OR `username` = "admin" instead of the password, the system will let him in as an admin.

The example given is, of course, elementary.
But if you don’t solve the problem globally, you can always miss some query that is susceptible to SQL injection.
To combat this, the PHP developers decided to make sure that all information coming from the user is processed and all quotes are escaped (they are preceded by a slash, which is what the addslashes command does).
What's happened? All information from the user comes with slashes. Even the one that looks like it shouldn’t receive slashes. For example, comments on an article.
Moreover, this is not a 100% way to protect against SQL injection.

Solution. a) remove slashes, if any, from all incoming information. b) All information entering the SQL query is filtered by the specially created function mysql_real_escape_string (or an analogue for another database).

We remove slashes:

We create a function for filtering (mysql_real_escape_string - long, and tied to the verification format. What if you need to change the filter?)

And we use it everywhere. As soon as some dynamic data is sent to SQL, we immediately use quote:

Data checking

Check All what the user enters.
By default he is an attacker.

Try not to filter, try validate.
In other words, don't create a blacklist, create a whitelist.
Instead of


This way you will be sure that the information is clean and there will be no surprises.
If you are compiling a list of prohibited characters, you can always look at some bad %00 and similar ones that you most likely have no idea about.

Of course, there are situations when filtering is needed, for example, when a user writes a comment.
Then you need to cut off bad characters.
But in principle, you should try to validate.

There are several commands that need to be handled Very carefully.
These are include, require, readfile, eval, ``, system, exec, create_function, dir, fopen and the like.
Always look three times when you use them, if they use data that can come from the user, you can be sure that someone will use it.

This piece is dangerous. If an attacker enters "../../../../../etc/passwd%00", he will be happy, but you are unlikely to be happy.


Don't forget that cookies are no more difficult to edit than what is visible in the address bar.
Therefore, everything that comes as a cookie is potentially an attack.
So there is no need to store the user's access level or ID in cookies.
It's best to let PHP handle this on its own using sessions.

By the way, in general, you need to store anything in cookies very modestly and think three times, is it necessary?


Always think of the data in the $_GET, $_POST, $_COOKIE variables as an attack by an attacker.
Trust no one! :)
The php.ini configuration file is the main configuration tool for the PHP core. It is counted every time PHP is initialized. If the change is not visible, be sure to stop and restart httpd. If the changes you made are still in effect, use the phpinfo() function to check where php ini is located.

The configuration file is well commented and detailed. Parameters are case sensitive, keyword values ​​are not; spaces and lines starting with a semicolon are ignored. Boolean values ​​can be represented as 1/0, Yes/No, On/Off or True/False. The default values ​​in php.ini will affect the PHP installation, which can be customized later.

In this article we will look at important settings in the php.ini file that may be required for the PHP parser.

short_open_tag = Off

Short open tags look like this:. This setting must be set to Off if you want to use the XML processing features.

safe_mode = Off

If this setting is ON, you probably compiled PHP with the enable-safe-mode flag. Safe Mode is most important for using CGI.

safe_mode_exec_dir =

This option only matters if Safe Mode is enabled. It can also be installed with the --with-exec-dir flag during the Unix build process. PHP in safe mode only executes external binaries from this directory. The default directory is /usr/local/bin . This has nothing to do with serving a regular PHP/HTML web page.

safe_mode_allowed_env_vars =

This php ini option specifies which environment variables users can change in safe mode. By default, only those variables that have "PHP_" appended to them. If this directive is empty, then most variables can be changed.

safe_mode_protected_env_vars =

The parameter sets which environment variables users cannot change in safe mode, even if the safe_mode_allowed_env_vars option is enabled.

disable_functions =

A rather useful addition to the PHP4 configuration, which has been retained in the PHP5 version, is the ability to disable selected functions for security reasons. Previously, this required manual editing of the C code in which the PHP interpreter was written. File system, operating system, and network functions should be first on this list because the ability to write files and change the system via HTTP is not secure.

max_execution_time = 30

When setting up php ini, you need to be aware that the set_time_limit() function will not work in safe mode. Therefore, this is the main way to implement delaying script execution in safe mode. On Windows, you must force termination based on maximum memory consumption, not time. You can also use the Apache timeout setting to implement a delay. But it will also apply to non-PHP site files.

error_reporting = E_ALL & ~E_NOTICE

The default is E_ALL & ~E_NOTICE , all errors except notifications. Servers should be set to at least the default value. And only on main servers can you use a lower value.

error_prepend_string = [""]

Together with » is used with strings, as in forming the value of a form field.

variables_order = EGPCS

Replaces gpc_order . Both versions have been deprecated along with register_globals. It sets the order of various variables: Environment, GET, POST, COOKIE and SERVER (or Built-in). You can change this order. Variables will be overwritten sequentially from left to right, with the rightmost one always “winning”. This means that if you leave the default value and use the same name for the environment variable, the POST variable, and the COOKIE variable, the name will end up being the COOKIE variable.

register_globals = Off

This php ini set option allows you to determine whether EGPCS variables should be registered as global. This method has now been deprecated, and as of PHP 4.2 this flag is set to Off by default. Use superglobal arrays instead.

gpc_order = GPC

This option is deprecated.

magic_quotes_gpc = On

Escapes quotes in GET/POST/COOKIE input. If you use many forms that submit data to themselves or other forms, and display form values, you will need to enable this directive or use the addslashes() functions on string data types.

magic_quotes_runtime = Off

This option escapes quotes in incoming database strings and text strings. Remember that SQL adds slashes to single quotes and apostrophes when storing strings and does not remove them when returning strings. If this option is disabled, you must use the stripslashes() function when outputting any type of string data from a SQL database. If magic_quotes_sybase is set to On , then this setting should be Off .

magic_quotes_sybase = Off

Escapes single quotes in incoming database strings and text strings with Sybase-style single quotes rather than backslashes. If magic_quotes_runtime is set to On , this option should be disabled.


If this php ini parameter specifies a path, PHP should automatically add an include() construct to the beginning of every PHP file. Restrictions on include file paths should be taken into account.


If this parameter specifies a path, PHP must automatically insert an include() construct at the end of every PHP file, except when exiting using the exit() function. Restrictions on include file paths should be taken into account.

include_path =

If you set this value, you will only be allowed to include or request files from the specified directories. The include directory is usually located under the root document. This is necessary if you are working in safe mode. Set the parameter to .in to include files from the directory where your script is located. Multiple directories are separated by colons: .:/usr/local/apache/htdocs:/usr/local/lib.

doc_root =

When setting up php ini, if you are using Apache, then in the httpd.conf file the document root directory for this server or virtual host is already set. Set this value here if you are using Safe Mode or only want to allow PHP for part of the site ( for example, in only one subdirectory).

The problem of excess weight in the abdominal area is relevant for men of different ages. To effectively remove fat deposits in this area, men need to create an individual nutrition plan, introduce an active training regimen and give up bad habits.

Big belly in men, reasons for how to remove it

Over the past decades, against the backdrop of rapid growth in urbanization and the popularization of a sedentary lifestyle, the problem of abdominal obesity has become widespread. Nutritionists are increasingly hearing the question - how to remove a man's belly? To successfully get rid of it, you need to become familiar with the factors leading to its accumulation.

Unhealthy food. This category includes fast food, ready-made food, fast food, fried, highly salted food. High-calorie foods with fast, easily digestible carbohydrates are contraindicated if you are overweight.

Harmful drinks. Low-alcohol carbonated drinks, beer, and lemonades contain a colossal amount of harmful substances, the consumption of which leads to a progressive increase in fat on the abdomen, waist, and sides. In addition, a large amount of beer leads to hormonal imbalance and a gradual increase in female hormones.

Low activity. To the question of why a big belly grows in men, the reasons for how to remove it, the answer is an assessment of average daily physical mobility.

Sedentary work, a personal car, lack of active recreation and a regular physical training regimen lead to the deposition of fat on the abdomen, waist, and sides.

This affects the state of the cardiovascular system, and in combination with obesity, the musculoskeletal system suffers.

Stress. One of the leading risk factors for abdominal obesity is high stress loads. Increased stress affects the chemical processes of metabolism, worsens the general condition of the body, and leads to overeating.

Among the reasons for the development of visceral obesity, genetic predisposition is noted, but correct implementation of recommendations on how to remove a large belly in men leads to significant results. You need to start losing weight by correcting your diet.


Despite the fact that men’s commitment to diets and fasting days is quite low, a well-designed diet, taking into account individual characteristics, is necessary for losing weight and getting rid of extra centimeters.

Slow metabolism, the intake of large amounts of calories and fats lead to the storage of unspent energy resources - fatty acids - in the subcutaneous fatty tissue, around the internal organs. As fat accumulates, the question comes to the fore: how to remove belly fat for a man without harming his health? Correction of food intake and development of correct eating habits are required.

Food diary

At the beginning of the weight loss process, maintaining a food diary is required to maintain the level of self-organization and general motivation. At first it is filled daily, and then, as the eating habit develops, weekly. Notes in the food diary reflect all meals, calorie content of dishes, consumption of junk food, alcohol, weight and waist size.

Over time, carefully filling out a food diary will reflect the reasons for weight fluctuations, the effect of certain foods on the metabolic rate, and the general condition of the body.

Fractionality of food

The first task of how to remove a big belly in men is to speed up the metabolism. This is possible by dividing the daily volume of food into fractions - the body stops storing fatty acids with a constant intake of small amounts of food. Fractional nutrition helps maintain the level of nutrients, vitamin complexes, and minerals in the body.


A balanced diet is not only a guarantee of rapid weight loss, but also one of the effective methods on how to remove a man’s belly. The diet excludes the consumption of fast, easily digestible carbohydrates, and is based on protein foods, whole grain cereals, vegetables, fruits, a limited amount of polyunsaturated fats, and slow carbohydrates. It is important to have a variety of prepared dishes and fresh natural food.

Proper nutrition does not require exhausting diets, significant food restrictions, or fasting - in this case, the body begins to store nutrients, and excess weight returns. For optimal weight loss, it is important to maintain the same level of nutritional saturation throughout the day and avoid hunger.


Many women complain that their husband has a big belly; advice from nutritionists and fitness specialists in the field of proper nutrition will tell you how to remove it. The basis of healthy weight loss, in addition to diet, is also a daily menu based on freshly prepared products.

Indicative menu

First breakfast. A glass of water at room temperature with lemon and mint added. Fresh fruit, a glass of milk or low-fat fermented milk product.

Lunch. Oatmeal or muesli with dried fruits. Multi-component vegetable salad with olive oil and sesame seeds. A piece of boiled chicken breast or turkey.

Dinner. Soup with vegetable or meat broth. Stew or poultry. Vegetable side dish with rice or buckwheat porridge. Dried fruits, a slice of rye bread. Weak tea without sugar.

Afternoon snack. Fruit juice, smoothie. Fresh fruits. Before an intense workout, you should add protein (chicken, turkey, seafood).

Dinner. Stewed vegetables, buckwheat porridge. Baked or steamed fish. Vegetable salad. Low-calorie bread, bread with bran. Green tea.

If you have a pronounced feeling of hunger in the evening, you are allowed to drink a glass of milk or kefir with fruit and bran. During the day, it is acceptable to satisfy your hunger with nuts, energy bars, and yoghurts in small quantities.

The menu is based on fruits, vegetables and whole grain cereals. Before training, it is mandatory to eat protein food no later than two hours before class. This will help you to remove belly fat for a man in a short time without harming the body.

Intermediate result

The first kilograms will begin to rapidly disappear immediately after giving up junk food. Two weeks after you stop receiving a large amount of calories, extra centimeters will begin to disappear from your waist. Unlike the female body, the male body loses weight much more intensively, and the extra pounds, as a rule, do not return.

Against the backdrop of losing weight, another question becomes relevant - how to remove a sagging belly in men? It is necessary to introduce regular physical activity and change your usual lifestyle.

Physical training

You should start with walking at a normal pace, Nordic walking, cycling, riding a scooter with alternating changes in the leading leg, and roller skating. As your training level increases, you should make adjustments to the organization of your training strategy - introduce additional loads, increase the intensity of training.

If, even against the background of dietary restrictions, a large belly persists in men, the reasons for how to remove and cope with it will help overcome a gradual increase in vital activity. For example, organizing ten-minute breaks during working hours to warm up - climbing stairs, walking in place, stretching.

Before you begin to follow the recommendations on how to remove belly fat for a man in the gym, you should increase your level of fitness with morning exercises or morning jogging. Such loads start the metabolism, optimize energy consumption during the day and increase overall performance.


Running loads are an excellent workout for the cardiovascular system and musculoskeletal system. You can do interval running with fast walking, with weights for your legs or dumbbells for your arms. Any running load requires strict monitoring of the state of breathing and the absence of dizziness. After running, you should perform several sets of exercises with lifting the body and legs for the upper and lower abdominal muscle groups.


Ideal for how to remove belly fat for a man in the gym in a short time with the help of a personal trainer. Exercises on sports machines help to work out different groups of abdominal muscles, including the lateral muscles, with different weight loads.

The ideal workout aimed at how to remove belly fat in the gym for a man is circuit training. It consists of performing each new approach on different machines, it allows you to strengthen all muscle groups, promotes intensive weight loss, and increases endurance. As your training level increases, the weight load during circuit training increases along with the number of approaches.

Cardio training, aerobic group classes are well suited for those who do not know how to remove belly fat in the gym for a man. The personal control of the coach and the personal achievements of each group member are good motivation and increase self-discipline.


After starting active physical training, the result will be rapid - centimeters on the stomach, waist, and sides will begin to disappear. With increasing training, the contours of the torso will improve and muscle definition will appear.
After changing your usual lifestyle, your performance will increase, your mood will improve, and your immunity will increase.

