Writing Secure PHP scripts/apps. Questions
Results 1 to 5 of 5

Thread: Writing Secure PHP scripts/apps. Questions

  1. #1
    Junior Member
    Join Date
    Dec 2003

    Question Writing Secure PHP scripts/apps. Questions

    I am fairly new to writing web applications with PHP. I know most of the basics, but I have some security questions.

    I was wondering if anyone knows any tips to help make my PHP scripts more secure.

    I write all my scripts assuming REGISTER GLOBALS is OFF. I have already been schooled on this issue. I also write database connections in a seperate file that is included in any page requiring a database connection.

    Beyond that, I have no idea what it takes to make PHP more secure.

    I am specifically looking for any practices that would prevent me from writing code that a malicious or curious user might use to access restricted areas of a web site.

    Any ideas?

  2. #2
    Developer Extraordinar
    Join Date
    Jul 2002
    chsh wrote a nice tutorial on this here. It might be a bit old, but it should still help greatly. You might want to talk to xmaddness as well. He's helped me out quite abit.

    Peace, and good luck on you PHP adventure! :-D

    Come to UnError.com

  3. #3
    Purveyor of Lather Syini666's Avatar
    Join Date
    Aug 2001
    A critical point is to check all user input for the presence of malicious code. In this case strip_tags() is your friend, as you can remove all html, or just some of it while leaving a specified set of tags like <b><i><u> for formatting of text. Here is a good article on writing secure PHP.


    One of the best ways to learn I've found is by experience, so once you get your code working like you want, take a break, but come back and play with it from an outside persons view, or if you find that difficult, have a friend toy with it to see if they can find any loopholes.
    You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

  4. #4
    Junior Member
    Join Date
    Dec 2003

    Question nice

    From the link you gave:
    Secure PHP Programming for PHP beginners.
    It's almost too easy....


  5. #5

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts