O'Reilly logo

PHP: The Good Parts by Peter MacIntyre

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 9. PHP Security

In today’s world of identity theft and credit card fraud, it is imperative for websites to be as secure as possible. It has been proven time and again that nothing is 100 percent foolproof in the security field, so it behooves (I’ve always wanted to use that word in a book) us to be as diligent as possible in protecting the information and websites that have been placed in our trust. When using PHP, there are a number of best practices to follow in an attempt to mitigate the risks.

The most vulnerable portions of a website are any places where data is entered or manipulated. Although that sounds vague and indicates a potentially large target area, I really mean to make you think about all of the areas in your websites where potential attackers can interact with your site. Let’s examine these areas in detail and look at some examples of how you can reduce their vulnerabilities.

Data Validation

Any area of your website that allows for data input is a potential risk area: data entry forms, search inputs, query strings, and so on. The general rule of thumb here is to treat any outside source of data as suspect, and to manage it by filtering it as soon as it becomes available to you. What does filtering mean? Well, once data is passed to your control, you inspect it and alter it if needed—or reject it if it does not meet your input criterion. This is known as validating your data on the most basic of levels. The section Cross-Site Scripting (XXS) and SQL Injection ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required