php programming practices
Results 1 to 6 of 6

Thread: php programming practices

  1. #1
    Senior Member mungyun's Avatar
    Join Date
    Apr 2004
    Location
    Illinois
    Posts
    172

    php programming practices

    Hi all!


    I have created my own content management system from scratch pretty much and I really need to clean the code up and organize it better because there is so much php code everywhere but I don't really know good practices of php programming because I taught myself. Do I initialize all the session variables that I need all at once or do I make individual queries to sql? Also should I initialize these right after session_start() or should I do some checks first? If anyone has any other securing or coding tips for a budding young php programmer that would be appreciated.

    Thanks!
    I believe in making the world safe for our children, but not our childrenís children, because I donít think children should be having sex. -- Jack Handey

  2. #2
    Banned
    Join Date
    Jun 2003
    Posts
    1,302
    While I try not to send people to google often. I am a firm believer in checking before posting.

    http://www.google.com/search?hl=en&q=securing+php+code

    Seems to have plenty of responces. I however have not coded in php in over a year, so my ability to just look at what is being said and know if it is bullshit or legit is off.

    Take a look at those pages if nothing hits the spot come back and I will see what I can remember.

  3. #3
    Member
    Join Date
    May 2005
    Posts
    93
    http://www.cgisecurity.com/lib/php-secure-coding.html <---- the article is kind of old but i think it can still be used.

    and another one.
    http://www.linuxsecurity.com/content/view/112524/151/
    .sig na ture.

  4. #4
    Senior Member mungyun's Avatar
    Join Date
    Apr 2004
    Location
    Illinois
    Posts
    172
    First, I must apologize because this post should probably be in the programming section but I thought it had to do with online more than programming.

    While I try not to send people to google often. I am a firm believer in checking before posting.

    http://www.google.com/search?hl=en&...curing+php+code
    I have done my best to search and learn from the internet but alas, there are those times for everyone where they need to ask someone for help and I am here...

    I know what to search for when I want to Program Secure PHP but I want to learn is good practices to make php run as smoothly as possible with as little holes/bugs as possible. This I haven't been able to find thus far on my own... I have done my searching and bought my books on php and they do suggest good practices, but not anywhere near the scope of a complex CMS. I started basic with the logon script and blah but ended up with a site that is damn near 100% dynamic. It has user definable and creatable skins, a forum, a video/music/art gallery, web designs, tutorials, and more. This site is going to have a tutorial for everything I put in it because I want others to learn what I learned. On top of that, I plan on being able to have some sort of web design business that goes with it.

    This site has been a project for at least a year for me. I wrote every bit of code myself since the help of a couple of tutorials a year ago and I would like to protect it from getting defaced by some punk hackers showing off to their friends, or more seriously, stealing future users info. I know that AO has already gone over this many times but I would like to get advice from people here like I would when I ask my teachers. My current problem is not necessarily securing it yet, but cleaning it up and that starts from line 2 of the header.inc file which is the session_start(), and that gives me a lot of code to clean up. I have already done my best to avoid sql injection, bad use of variables, etc. But how do I know it is alright without being able to pay someone to secure and clean it up for me?

    AO is the only place I ever come to when I have questions because I know that there are very experienced people here that know much more than I do and I would like to learn from that. I'm sorry if this is a rant but I want my site to be as good as possible when I finally gets a good host to live in.
    I believe in making the world safe for our children, but not our childrenís children, because I donít think children should be having sex. -- Jack Handey

  5. #5
    Junior Member
    Join Date
    Jan 2006
    Posts
    18
    Well seeing as you are almost done with the coding it will take alot longer to put into place good practices than doing it right the first time. Just remember the famous "//" marks if you comment everything it will be the best thing you can do for yourself and the help or anyone that uses the system. I would hope that you would be trying to distribute it freely if it is truly something great. But I would not help you unless you read so here is a great site for php information. and it should help you on your quest.

    I hope you find what you are looking for and make sure next time you start the practices at the beginning or a variable change can cause a huge headache.
    Done.

  6. #6
    Junior Member
    Join Date
    Jan 2006
    Posts
    18
    I just came across this site and it may help you. Top 21 PHP progamming mistakes. Hope it helps.
    Done.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •