PHP and MySQL® 24-Hour Trainer

by Andrea Tarr
November 2011
Beginner
504 pages
11h 30m
English
Wrox
Content preview from PHP and MySQL® 24-Hour Trainer

Lesson 17

Writing Secure Code

One of the most important things you can learn about PHP and MySQL is how to keep your code from being an easy target for malicious users. There is no way to make your code completely hack-proof, but you can go a long way toward securing it by following certain practices. This is not an exhaustive lesson in all the ways that a hacker can get into your site, but it is the equivalent of keeping your car safe by removing your keys and locking your doors.

You might think that the chance of your site being hacked is slight, but remember that hackers can find your site and its vulnerabilities the same way that Google crawls your site to build its search index.

In the first section of this lesson you learn what is meant by three common threats: cross-site scripting, cross-site request forgery, and SQL injection. In the second part you learn proper coding habits that mitigate those and other threats.

Understanding Common Threats

Cross-site scripting (XSS), a type of code injection, embeds malicious code inside innocent-looking data that is later output. For instance, when a user enters a search term, it is usually displayed on the screen along with the results. If, instead of an innocent word, the data entered were JavaScript, that code would run in the browser when the search term was output to the screen. Hackers use this to install programs that log your keystrokes and track where you go.
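The search-term scenario above, as an added example that is not part of the book: the term is escaped with htmlspecialchars() before it is echoed, so a tag submitted as the term is rendered as visible text rather than parsed as markup. The helper name h() and the GET parameter q are assumptions; the sample term is constructed.

```php
<?php
// Added example (not the book's code): echoing a user-supplied search term safely.
// Assumes the search form submits the term as the GET parameter "q".

declare(strict_types=1);

// Escape a string for insertion into HTML text or a double-quoted attribute.
function h(string $value): string
{
    // ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for $_GET['q'] in the lesson's
// scenario: markup and a script tag instead of a plain search word.
$term = $_GET['q'] ?? '<b>php</b><script>alert("xss")</script>';

// What the lesson warns against: echoing the raw value lets the browser parse
// and run it. Left commented out so the example never emits it.
// echo 'You searched for: ' . $term . "\n";

// Safe: the term is rendered as text, so the <script> tag never executes.
echo 'You searched for: ' . h($term) . "\n";

// The same escaping is needed when the term is written back into the form
// field, because attribute values are an HTML context too.
echo '<input type="text" name="q" value="' . h($term) . '">' . "\n";

// Embedding the term inside a <script> block is a different context: use
// json_encode() with the HEX flags so quotes and angle brackets cannot break
// out of the string literal or close the script element.
$jsSafe = json_encode(
    $term,
    JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
);
echo '<script>var lastSearch = ' . $jsSafe . ';</script>' . "\n";
```

Escaping is chosen per output context (HTML text, attribute, JavaScript); a single escaping function applied everywhere is not enough.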

Cross-site request forgeries (CSRF, XSRF) work by allowing an attacker to hijack a user's session ...


ISBN: 9781118066881