PHP security tips
Thursday, February 4, 2010 23:46. Posted in category PHP Interview Questions
- Avoid relying on global variables, and make sure the register_globals option is disabled. With it enabled, every request parameter becomes a PHP global, so an attacker can preset variables the script never expected to come from the user (the option was removed in PHP 5.4).
- Read request data explicitly from $_GET, $_POST and $_COOKIE, so it is obvious which values are attacker-controlled.
- Never store passwords in clear text, and do not merely encrypt them either: store a salted, slow hash (password_hash() / password_verify() from PHP 5.5, or bcrypt via crypt() before that), so a leaked database does not hand out the passwords.
- Avoid storing credit card numbers and other sensitive data yourself; hand payment processing to a trusted third-party gateway.
- Validate everything on the server side and never trust user input; client-side checks can be bypassed.
Example: if the expected value is an integer, cast it with intval() before it reaches the query:
$post_id = intval($_GET['post_id']);
mysql_query("SELECT * FROM post WHERE id = $post_id");
- Never place user input directly in a query. For string values the legacy mysql extension offers mysql_real_escape_string(), but prepared statements (PDO or mysqli) are the robust choice; the mysql_* functions were deprecated in PHP 5.5 and removed in PHP 7.
- Always run a currently supported PHP release with security patches applied.
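The input-validation, query and password tips above in working code, as an added example that is not part of the original post. It rewrites the intval()+mysql_query() snippet with a PDO prepared statement and adds password hashing. It assumes the pdo_sqlite extension (an in-memory SQLite database stands in for MySQL so it runs offline); the table schema, sample rows and request arrays are constructed here, and the function names are hypothetical.

```php
<?php
// Added example, not code from the original post.
// Assumes pdo_sqlite; tables, rows and request data below are constructed.
declare(strict_types=1);

// In-memory SQLite stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false,
]);
$db->exec('CREATE TABLE post (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');
$db->exec("INSERT INTO post (id, title) VALUES (1, 'hello'), (2, 'world')");
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT NOT NULL)');

// Tip: read request data explicitly and validate it server-side.
// filter_var() with FILTER_VALIDATE_INT rejects "2 OR 1=1" outright, whereas
// intval() would silently turn it into 2; returning null lets the caller
// answer with an error instead of querying at all.
function postIdFromRequest(array $get): ?int
{
    $id = filter_var(
        $get['post_id'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $id === false ? null : $id;
}

// Tip: never splice user input into SQL. The value is bound as a parameter,
// so even a string could not change the structure of the query.
function fetchPost(PDO $db, int $postId): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM post WHERE id = :id');
    $stmt->execute([':id' => $postId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Tip: store a salted, slow hash of the password, not the password itself and
// not an encrypted copy. password_hash() chooses the algorithm and a random
// salt; the resulting string carries both, so password_verify() needs nothing else.
function registerUser(PDO $db, string $name, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO user (name, pw_hash) VALUES (:n, :h)');
    $stmt->execute([':n' => $name, ':h' => $hash]);
}

function checkLogin(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM user WHERE name = :n');
    $stmt->execute([':n' => $name]);
    $hash = $stmt->fetchColumn();           // false when the user does not exist
    return $hash !== false && password_verify($password, $hash);
}

// Constructed requests standing in for $_GET.
$goodRequest = ['post_id' => '2'];
$evilRequest = ['post_id' => '2 OR 1=1'];

foreach ([$goodRequest, $evilRequest] as $request) {
    $id = postIdFromRequest($request);
    if ($id === null) {
        echo "rejected post_id: {$request['post_id']}\n";   // would be an HTTP 400 in a real handler
        continue;
    }
    var_dump(fetchPost($db, $id));
}

registerUser($db, 'alice', 'correct horse battery staple');
var_dump(checkLogin($db, 'alice', 'correct horse battery staple'));
var_dump(checkLogin($db, 'alice', 'wrong password'));
var_dump(checkLogin($db, 'nobody', 'anything'));
```

The first request is looked up normally; the second is rejected before any SQL runs, and even if a value did reach fetchPost() it is bound as a parameter rather than interpolated. Only a hash is ever written to the user table, so the login check compares against it with password_verify() and never needs the original password.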