What security issues should I look out for in PHP
I just starting out learning PHP, I\'ve been developing web apps in ASP.Net for a long time. I was wondering if there are any PHP specific security mistakes that I should be
-
Avoid using register_globals.
Warning: This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.
讨论(0) -
Use POST method for data passing from one page to another.
Use trim while getting data like
trim($_POST). Also, usestrip_tagsfor variables before you passing into the queries.I am suggesting you use any framework link Codeigniter, Laravel, YII, Cake PHP because they maid framework with all securities
I suggest Codeigniter for small projects and Laravel for big projects.
讨论(0) -
here is a link of good PHP security programming practices.
http://phpsec.org/
Most of the security issues revolve around user input (naturally) and making sure they don't screw you over. Always make sure you validate your input.
http://htmlfixit.com/cgi-tutes/tutorial_PHP_Security_Issues.php
讨论(0) -
- Always sanitize and validate data passed from the page
- In conjunction with #1, always properly escape your output
- Always turn
display_errorsoff in production - If using a DB backend use a driver that supports/emulates prepared statements and use without prejudice :-)
讨论(0) -
Often introductory tutorials don't talk at all about checking data from users. Like all programming environments, never trust the data you get from users. Learn to use functions like
is_numeric(),isset(), andmysql_real_escape_string()to protect your system.There are also features that allow you to access remote files, and other creative things. I'd avoid those until you have a good understand of how and when they work (often they are disabled for security reasons).
讨论(0) -
Most of the security issues related to PHP come from using unparsed "outside" (GET/POST/COOKIE) variables. People put that kind of data directly into file paths or sql queries, resulting in file leakage or sql injections.
讨论(0)
加载中...
- 热议问题