Thread: php programming practices

  1. #1
    Senior Member mungyun's Avatar
    Join Date
    Apr 2004
    Location
    Illinois
    Posts
    172

    php programming practices

    Hi all!


    I have created my own content management system from scratch pretty much and I really need to clean the code up and organize it better because there is so much php code everywhere but I don't really know good practices of php programming because I taught myself. Do I initialize all the session variables that I need all at once or do I make individual queries to sql? Also should I initialize these right after session_start() or should I do some checks first? If anyone has any other securing or coding tips for a budding young php programmer that would be appreciated.

    Thanks!
    I believe in making the world safe for our children, but not our children’s children, because I don’t think children should be having sex. -- Jack Handey

  2. #2
    While I try not to send people to Google often, I am a firm believer in checking before posting.

    http://www.google.com/search?hl=en&q=securing+php+code

    Seems to have plenty of responses. I, however, have not coded in PHP in over a year, so my ability to just look at what is being said and know if it is bullshit or legit is off.

    Take a look at those pages; if nothing hits the spot, come back and I will see what I can remember.

  3. #3
    Member
    Join Date
    May 2005
    Location
    waraynon.com
    Posts
    93
    http://www.cgisecurity.com/lib/php-secure-coding.html <---- the article is kind of old but I think it can still be used.

    and another one.
    http://www.linuxsecurity.com/content/view/112524/151/
    .sig na ture.

  4. #4
    Senior Member mungyun's Avatar
    Join Date
    Apr 2004
    Location
    Illinois
    Posts
    172
    First, I must apologize because this post should probably be in the programming section but I thought it had to do with online more than programming.

    While I try not to send people to Google often, I am a firm believer in checking before posting.

    http://www.google.com/search?hl=en&...curing+php+code
    I have done my best to search and learn from the internet but alas, there are those times for everyone where they need to ask someone for help and I am here...

    I know what to search for when I want to program secure PHP, but what I want to learn is good practices to make PHP run as smoothly as possible with as few holes/bugs as possible. This I haven't been able to find thus far on my own... I have done my searching and bought my books on PHP and they do suggest good practices, but not anywhere near the scope of a complex CMS. I started basic with the logon script and blah but ended up with a site that is damn near 100% dynamic. It has user definable and creatable skins, a forum, a video/music/art gallery, web designs, tutorials, and more. This site is going to have a tutorial for everything I put in it because I want others to learn what I learned. On top of that, I plan on being able to have some sort of web design business that goes with it.

    This site has been a project for at least a year for me. I wrote every bit of code myself since the help of a couple of tutorials a year ago and I would like to protect it from getting defaced by some punk hackers showing off to their friends, or more seriously, stealing future users' info. I know that AO has already gone over this many times but I would like to get advice from people here like I would when I ask my teachers. My current problem is not necessarily securing it yet, but cleaning it up, and that starts from line 2 of the header.inc file, which is the session_start(), and that gives me a lot of code to clean up. I have already done my best to avoid SQL injection, bad use of variables, etc. But how do I know it is alright without being able to pay someone to secure and clean it up for me?

    AO is the only place I ever come to when I have questions because I know that there are very experienced people here that know much more than I do and I would like to learn from that. I'm sorry if this is a rant but I want my site to be as good as possible when it finally gets a good host to live in.
    I believe in making the world safe for our children, but not our children’s children, because I don’t think children should be having sex. -- Jack Handey

  5. #5
    Junior Member
    Join Date
    Jan 2006
    Posts
    18
    Well, seeing as you are almost done with the coding, it will take a lot longer to put into place good practices than doing it right the first time. Just remember the famous "//" marks; if you comment everything, it will be the best thing you can do for yourself and the help or anyone that uses the system. I would hope that you would be trying to distribute it freely if it is truly something great. But I would not help you unless you read, so here is a great site for PHP information, and it should help you on your quest.

    I hope you find what you are looking for, and make sure next time you start the practices at the beginning, or a variable change can cause a huge headache.
    Done.

  6. #6
    Junior Member
    Join Date
    Jan 2006
    Posts
    18
    I just came across this site and it may help you. Top 21 PHP programming mistakes. Hope it helps.
    Done.
