7 Useful Functions To Tighten The Security In Php by goldincome(m): 12:13pm On Aug 25, 2008 |
Security is a very important aspect of programming. In PHP, there are a few useful functions which are very handy for protecting your website from various attacks like SQL injection attacks, XSS attacks, etc. Let's check a few useful functions available in PHP to tighten the security in your project. But note that this is not a complete list; it is just a list of functions which I found useful for using in your project.

1) mysql_real_escape_string() - This function is very useful for preventing SQL injection attacks in PHP. This function adds backslashes to special characters like quotes, double quotes and backslashes to make sure that user-supplied input is sanitized before using it in a query. But make sure that you are connected to the database to use this function.

2) addslashes() - This function works similarly to mysql_real_escape_string(). But make sure that you don't use this function when "magic_quotes_gpc" is "on" in php.ini. When "magic_quotes_gpc" is on in php.ini, single quotes (') and double quotes (") are escaped with trailing backslashes in GET, POST and COOKIE variables. You can check it using the "get_magic_quotes_gpc()" function available in PHP.

3) htmlentities() - This function is very useful for sanitizing user-inputted data. This function converts special characters to their HTML entities. For example, when the user enters a character like "<", it will be converted into its HTML entity &lt;, thereby preventing XSS and SQL injection attacks.

Read more: http://www.netxpertsolutions.com/7-useful-functions-to-tighten-the-security-in-php-55.htm

Enjoy |
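Added example, not part of the original post: the same two jobs (escaping for the SQL context and encoding for the HTML context) on a current PHP. mysql_real_escape_string() was removed in PHP 7.0 and magic_quotes_gpc in PHP 5.4, so a PDO prepared statement is swapped in for the database side; the in-memory SQLite database, the table name, the helper names and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added illustration; assumes PHP 7+ with the pdo_sqlite extension enabled.

// SQL context: the value travels as a bound parameter, never as query text.
function store_comment(PDO $db, string $body): void
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
}

// HTML context: encode at output time, with explicit flags and charset
// so that both quote styles and the angle brackets are converted.
function render_comment(string $body): string
{
    return '<p>' . htmlentities($body, ENT_QUOTES, 'UTF-8') . '</p>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample inputs: one shaped like SQL, one shaped like markup.
$samples = [
    "x'); DROP TABLE comments; --",
    "O'Brien <script>alert(1)</script>",
];
foreach ($samples as $s) {
    store_comment($db, $s);
}

// The table still exists and each row holds the input byte-for-byte;
// the HTML encoding is applied only when the value is written to the page.
foreach ($db->query('SELECT body FROM comments ORDER BY id') as $row) {
    var_dump(in_array($row['body'], $samples, true));
    echo render_comment($row['body']), "\n";
}
```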
Re: 7 Useful Functions To Tighten The Security In Php by javalove(m): 10:14am On Aug 27, 2008 |
Good one man. Keep it up |
Re: 7 Useful Functions To Tighten The Security In Php by Mustay(m): 12:38pm On Aug 27, 2008 |
goldincome: I know of this one merci |
Re: 7 Useful Functions To Tighten The Security In Php by javalove(m): 8:31pm On Aug 27, 2008 |
@Mustay So it's not only Islamic Brotherhood we share? |
Re: 7 Useful Functions To Tighten The Security In Php by goldincome(m): 3:42pm On Aug 28, 2008 |
Never, Ever, Trust Your Users

It can never be said enough times, you should never, ever, ever trust your users to send you the data you expect. I have heard many people respond to that with something like "Oh, nobody malicious would be interested in my site". Leaving aside that that could not be more wrong, it is not always a malicious user who can exploit a security hole - problems can just as easily arise because of a user unintentionally doing something wrong. So the cardinal rule of all web development, and I can't stress it enough, is: Never, Ever, Trust Your Users. Assume every single piece of data your site collects from a user contains malicious code. Always. That includes data you think you have checked with client-side validation, for example using JavaScript. If you can manage that, you'll be off to a good start. If PHP security is important to you, this single point is the most important to learn. Personally, I have a "PHP Security" sheet next to my desk with major points on it, and this is in large bold text, right at the top.

Common Mistake Using Global Variables

In many languages you must explicitly create a variable in order to use it. In PHP, there is an option, "register_globals", that you can set in php.ini that allows you to use global variables, ones you do not need to explicitly create. Consider the following code:

    // $authorized is never set before it is tested
    if ($password == "my_password") {
        $authorized = 1;
    }
    if ($authorized == 1) {
        echo "Lots of important stuff.";
    }

To many that may look fine, and in fact this exact type of code is in use all over the web. However, if a server has "register_globals" set to on, then simply adding "?authorized=1" to the URL will give anyone free access to exactly what you do not want everyone to see. This is one of the most common PHP security problems. Fortunately, this has a couple of possible simple solutions. The first, and perhaps the best, is to set "register_globals" to off.

The second is to ensure that you only use variables that you have explicitly set yourself. In the above example, that would mean adding "$authorized = 0;" at the beginning of the script:

    // explicit default: a request variable can no longer supply the value
    $authorized = 0;
    if ($password == "my_password") {
        $authorized = 1;
    }
    if ($authorized == 1) {
        echo "Lots of important stuff.";
    }

More will be posted. |
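Added example, not part of the original post: the uninitialised-flag check beside a hardened form, run against the same request. register_globals was removed in PHP 5.4, so extract() is used here only to imitate its effect; the function names, the stored hash and the sample requests are assumptions made for the illustration.

```php
<?php
// Added illustration; assumes PHP 7+.

// The pattern from the post: request keys become local variables and
// $authorized has no default, so the request can supply it.
function check_unsafe(array $request): bool
{
    extract($request); // stands in for register_globals = on
    if (isset($password) && $password == "my_password") {
        $authorized = 1;
    }
    return isset($authorized) && $authorized == 1;
}

// Hardened form: the flag starts at a known value, only the one expected
// field is read from the request, and the password is checked against a hash.
function check_safe(array $request, string $storedHash): bool
{
    $authorized = false;
    $password = $request['password'] ?? '';
    if (is_string($password) && password_verify($password, $storedHash)) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed sample data.
$storedHash = password_hash('my_password', PASSWORD_DEFAULT);
$flagOnly   = ['authorized' => '1'];          // the "?authorized=1" request
$validLogin = ['password' => 'my_password'];

var_dump(check_unsafe($flagOnly));              // flag taken from the request
var_dump(check_safe($flagOnly, $storedHash));   // request cannot set the flag
var_dump(check_safe($validLogin, $storedHash)); // correct password still works
```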
Re: 7 Useful Functions To Tighten The Security In Php by javalove(m): 5:46pm On Aug 28, 2008 |
gr8 work man |
Re: 7 Useful Functions To Tighten The Security In Php by goldincome(m): 7:11am On Sep 04, 2008 |
I have also posted a FREE ebook that will teach you what you need to know about security in PHP and how to write secure code in PHP. You can download it at: http://www.netxpertsolutions.com/7-useful-functions-to-tighten-the-security-in-php-55.htm Please leave a comment or question there, so I can answer you. Enjoy |