7 Useful Functions To Tighten The Security In Php by goldincome(m): 12:15pm On Aug 25, 2008 |
Security is a very important aspect of programming. In PHP, there are a few useful functions which are very handy for protecting your website from various attacks like SQL Injection attacks, XSS attacks etc. Let's check a few useful functions available in PHP to tighten the security in your project. But note that this is not a complete list; it is just a list of functions which I found useful for using in your project.

1) mysql_real_escape_string() - This function is very useful for preventing SQL Injection attacks in PHP. This function adds backslashes to the special characters like quote, double quote and backslash to make sure that the user supplied input is sanitized before using it in a query. But, make sure that you are connected to the database to use this function.

2) addslashes() - This function works similarly to mysql_real_escape_string(). But make sure that you don't use this function when "magic_quotes_gpc" is "on" in php.ini. When "magic_quotes_gpc" is on in php.ini then single quotes (') and double quotes (") are escaped with backslashes in GET, POST and COOKIE variables. You can check it using the "get_magic_quotes_gpc()" function available in PHP.

3) htmlentities() - This function is very useful for sanitizing the user inputted data. This function converts the special characters to their HTML entities. For example, when the user enters a character like "<" then it will be converted into its HTML entity &lt;, thus preventing XSS and SQL injection attacks.

Read more: http://www.netxpertsolutions.com/7-useful-functions-to-tighten-the-security-in-php-55.htm

Enjoy |
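The three functions from the post, applied at the layer each one is meant for, as an added example that is not part of the original post. It assumes a mysqli connection in $db for the SQL case (mysqli_real_escape_string is the equivalent of the old mysql_real_escape_string, which was removed in PHP 7) and, going one step beyond the post, shows a prepared statement as the alternative to escaping; the input string is constructed.

```php
<?php
// Added example: escape once, in the right place, with the functions the post lists.

function normalize_input(string $value): string {
    // If magic_quotes_gpc is on (PHP < 5.4), the value already carries backslashes;
    // strip them so the data is escaped exactly once by the code below.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

function escape_for_html(string $value): string {
    // ENT_QUOTES also encodes single quotes, which matters inside HTML attributes.
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

function escape_for_sql(mysqli $db, string $value): string {
    // Needs an open connection: escaping depends on the connection's charset.
    return mysqli_real_escape_string($db, $value);
}

// Constructed sample input containing both quote kinds and a tag.
$raw   = "O'Reilly <script>alert(\"x\")</script>";
$clean = normalize_input($raw);

// Output layer: HTML-encode just before echoing into the page.
echo escape_for_html($clean), "\n";

// Query layer: escape for SQL (or, better, bind the value with a prepared statement).
if (isset($db) && $db instanceof mysqli) {
    $sql = "SELECT id FROM comments WHERE body = '" . escape_for_sql($db, $clean) . "'";
    $db->query($sql);

    // Preferred form: the value is bound, never interpolated into the SQL text.
    $stmt = $db->prepare('SELECT id FROM comments WHERE body = ?');
    $stmt->bind_param('s', $clean);
    $stmt->execute();
}
```

Note that the HTML escaping is done at output time and the SQL escaping at query time; the stored value itself stays unescaped, so neither step has to know about the other.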
Re: 7 Useful Functions To Tighten The Security In Php by ztyle(m): 12:21pm On Aug 25, 2008 |
Nice piece, unfortunately I don't work with PHP, my works are based on HTML. |
Re: 7 Useful Functions To Tighten The Security In Php by quadrillio(m): 10:22am On Aug 26, 2008 |
Thanks for the info |
Re: 7 Useful Functions To Tighten The Security In Php by goldincome(m): 3:43pm On Aug 28, 2008 |
Never, Ever, Trust Your Users

It can never be said enough times: you should never, ever, ever trust your users to send you the data you expect. I have heard many people respond to that with something like "Oh, nobody malicious would be interested in my site". Leaving aside that that could not be more wrong, it is not always a malicious user who can exploit a security hole - problems can just as easily arise because of a user unintentionally doing something wrong. So the cardinal rule of all web development, and I can't stress it enough, is: Never, Ever, Trust Your Users. Assume every single piece of data your site collects from a user contains malicious code. Always. That includes data you think you have checked with client-side validation, for example using JavaScript. If you can manage that, you'll be off to a good start. If PHP security is important to you, this single point is the most important to learn. Personally, I have a "PHP Security" sheet next to my desk with major points on, and this is in large bold text, right at the top.

Common Mistake: Using Global Variables

In many languages you must explicitly create a variable in order to use it. In PHP, there is an option, "register_globals", that you can set in php.ini that allows you to use global variables, ones you do not need to explicitly create. Consider the following code:

    if ($password == "my_password") {
        $authorized = 1;
    }
    if ($authorized == 1) {
        echo "Lots of important stuff.";
    }

To many that may look fine, and in fact this exact type of code is in use all over the web. However, if a server has "register_globals" set to on, then simply adding "?authorized=1" to the URL will give anyone free access to exactly what you do not want everyone to see. This is one of the most common PHP security problems. Fortunately, this has a couple of possible simple solutions. The first, and perhaps the best, is to set "register_globals" to off.

The second is to ensure that you only use variables that you have explicitly set yourself. In the above example, that would mean adding "$authorized = 0;" at the beginning of the script:

    $authorized = 0;
    if ($password == "my_password") {
        $authorized = 1;
    }
    if ($authorized == 1) {
        echo "Lots of important stuff.";
    }

Happy secured coding. More will be posted. |
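The same authorization check written so that it holds up whether or not register_globals is on, as an added example that is not part of the original post. The password is read only from the explicit $_POST array, the flag is initialized by the script itself, and a startup check logs a warning when the dangerous setting is still enabled; the constant EXPECTED_PASSWORD is a placeholder for illustration.

```php
<?php
// Added example: the post's snippet, hardened against register_globals.

const EXPECTED_PASSWORD = 'my_password'; // placeholder, not a real credential

function warn_if_register_globals_on(): bool {
    // Defensive check: the setting should be off in php.ini, but verify at runtime.
    $on = (bool) ini_get('register_globals');
    if ($on) {
        error_log('register_globals is on: every GET/POST/COOKIE key becomes a variable');
    }
    return $on;
}

function is_authorized(array $request): bool {
    // Read only from the request array that was passed in, never from an implicit
    // global, so "?authorized=1" in the URL cannot create or overwrite anything here.
    $password = isset($request['password']) ? (string) $request['password'] : '';
    // hash_equals compares in constant time, avoiding timing differences.
    return hash_equals(EXPECTED_PASSWORD, $password);
}

warn_if_register_globals_on();

$authorized = false;                 // always set by this script before use
$authorized = is_authorized($_POST); // only the submitted form can change it

if ($authorized) {
    echo "Lots of important stuff.";
}
```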
Re: 7 Useful Functions To Tighten The Security In Php by goldincome(m): 7:07am On Sep 04, 2008 |
I have also posted a FREE ebook that will teach you what you need to know about security in PHP and how to write a secure code in php. You can download it at: http://www.netxpertsolutions.com/7-useful-functions-to-tighten-the-security-in-php-55.htm Please leave a comment there or question, so I can answer you. Enjoy |