Chapter 11. Security

Terms You’ll Need to Understand

  • Data filtering

  • register_globals

  • SQL injection

  • Command injection

  • Cross-site scripting (XSS)

  • Shared hosting

  • safe_mode

  • open_basedir

Techniques You’ll Need to Master

  • Validating client data

  • Understanding the register_globals directive

  • Escaping data used in SQL statements

  • Escaping data used in shell commands

  • Preventing cross-site scripting attacks

  • Understanding the safe_mode directive

  • Understanding the open_basedir directive

Data Filtering

Data filtering, the process of validating data and filtering out that which is invalid, is arguably the cornerstone of Web application security. The basic premise is quite simple: Never trust foreign data, especially data from the client.
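The following PHP script is an added illustration of that premise and is not part of the study guide's text. It shows a whitelist approach: start from an empty array of clean values, copy in only client fields that pass a strict validation test written in terms of what valid data looks like, and discard everything else. The function name `filterInput`, the rule set and the sample request are all constructed for this example.

```php
<?php
// Added example (not from the study guide): whitelist filtering of client data.
// Rule: start from an empty $clean array and copy in only values that pass a
// strict validation test, so anything not explicitly validated is never used.

declare(strict_types=1);

/**
 * Validate the raw request array against a map of field => validator.
 * Returns only the fields that passed; everything else is discarded.
 */
function filterInput(array $raw, array $rules): array
{
    $clean = [];
    foreach ($rules as $field => $validator) {
        if (!array_key_exists($field, $raw) || !is_string($raw[$field])) {
            continue; // missing or non-scalar input: treat as absent
        }
        $value = $raw[$field];
        if ($validator($value)) {
            $clean[$field] = $value;
        }
    }
    return $clean;
}

// Validators describe what valid data looks like (whitelist) rather than
// trying to enumerate and strip what is dangerous (blacklist).
$rules = [
    // Usernames: 3-20 ASCII letters, digits or underscores only.
    'username' => fn(string $v): bool => preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $v) === 1,
    // Numeric IDs: digits only, positive, no leading zeros, sign or whitespace.
    'id'       => fn(string $v): bool => ctype_digit($v) && (int) $v > 0 && $v === (string) (int) $v,
    // E-mail: PHP's built-in validator.
    'email'    => fn(string $v): bool => filter_var($v, FILTER_VALIDATE_EMAIL) !== false,
    // Colour: must be one of a fixed set of allowed values.
    'colour'   => fn(string $v): bool => in_array($v, ['red', 'green', 'blue'], true),
];

// Constructed sample request, standing in for $_GET / $_POST in a real script.
$sampleRequest = [
    'username' => 'alice_01',
    'id'       => '42abc',          // not all digits: rejected
    'email'    => 'not-an-address', // fails FILTER_VALIDATE_EMAIL
    'colour'   => 'purple',         // not in the allowed set
    'debug'    => '1',              // no rule at all: silently dropped
];

$clean = filterInput($sampleRequest, $rules);
var_dump($clean);
// Only 'username' => 'alice_01' survives. The application reads from $clean
// and never from the raw request array.
```

The point of the structure is that a field missing from `$rules`, or failing its rule, simply never reaches `$clean`; the code does not try to "repair" bad input, it rejects it.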

There are two fundamentally different approaches ...
