Date: Tuesday, 24 January 2017 at 02:09 PM

Other Ways To Secure A Portal PHP - Programming - Nairaland

Other Ways To Secure A Portal PHP by uvalued(m): 6:13pm On Jan 11
Greetings to you all.

We have been designing a departmental portal for a small school using PHP and MySQL.

Now, on the issue of security, we were able to do the following:
1. Made sure we used PDO
2. Used preg_replace to replace any text/number from textbox

But with the rapid increase in security threats, I felt I need to inquire from gurus to suggest how to protect the database and the portal.

Hopefully I want to learn BackTrack to subject the portal to tests for holes etc. Until then, please kindly suggest other means of securing the portal.

Thank you
Re: Other Ways To Secure A Portal PHP by talk2hb1: 8:21pm On Jan 11
XSS, SQL injection, XSRF, DDoS, etc.
Re: Other Ways To Secure A Portal PHP by uvalued(m): 11:36pm On Jan 11
talk2hb1:
XSS, SQL injection, XSRF, DDoS, etc.
Thanks. With preg_replace, XSS and SQL injection will be handled quite successfully, don't you think so...
Re: Other Ways To Secure A Portal PHP by talk2hb1: 11:50pm On Jan 11
uvalued:

Thanks. With preg_replace, XSS and SQL injection will be handled quite successfully, don't you think so...
It depends
Re: Other Ways To Secure A Portal PHP by Jregz(m): 6:30am On Jan 12
uvalued:

Thanks. With preg_replace, XSS and SQL injection will be handled quite successfully, don't you think so...
That's a hack. Preg-replacing these things would harm you. How many different use cases for preventing XSS and SQL injection is your fancy regex going to take into consideration?

SQL injection? Use prepared statements.
XSS? Use the html_entities function

https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
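
The two recommendations in this answer, set beside the regex filter from the first post, as an added example that is not code from the thread. Assumptions: in-memory SQLite through PDO stands in for the portal's MySQL database; the `students` table, the helper names, the regex pattern and the sample inputs are constructed for illustration; PHP's built-in escaping function is spelled `htmlentities`.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. SQLite in memory stands in for
// the portal's MySQL; table, helpers and inputs are hypothetical/constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, bio TEXT)');

// Stand-in for the first post's approach (their actual pattern is not shown).
function regexClean(string $in): string
{
    return (string) preg_replace('/[^A-Za-z0-9 ]/', '', $in);
}

// Prepared statements: the SQL text is fixed and values are bound separately.
function addStudent(PDO $pdo, string $name, string $bio): void
{
    $stmt = $pdo->prepare('INSERT INTO students (name, bio) VALUES (:name, :bio)');
    $stmt->execute([':name' => $name, ':bio' => $bio]);
}

function findByName(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name, bio FROM students WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escape when printing, for the HTML context the value lands in.
function h(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$name = "Chidi O'Neil-Ade";                 // legitimate name containing ' and -
$bio  = 'Likes <b>maths</b> & "physics"';   // markup typed into a textbox

echo 'regex filter:  ', regexClean($name), "\n";   // the filter alters real data

addStudent($pdo, $name, $bio);              // stored unchanged, quote included
addStudent($pdo, 'Ada Obi', 'Prefect');

// A value carrying quotes is compared as plain data, never parsed as SQL.
echo 'rows matched:  ', count(findByName($pdo, "x' OR '1'='1")), "\n";

foreach (findByName($pdo, $name) as $row) {
    echo '<td>', h($row['name']), '</td><td>', h($row['bio']), "</td>\n";
}
```

With the MySQL driver, PDO emulates prepared statements by default; setting `PDO::ATTR_EMULATE_PREPARES` to `false` and declaring the charset in the DSN makes the server do the binding.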
