Latest comments on Writing Secure PHP, Part 4 on AddedBytes.comDave Child2008-09-11T13:11:14Ztag:addedbytes.com,2008:413

Comment by Pete ( <a href="http://dev-notes.com">http://dev-notes.com</a> )<br /><br />This is a good article. I have already deployed similar methods to combat #1 mentioned above for similar reasons, and will look into the other two.

tag:addedbytes.com,2008:1077002008-12-24T14:50:26+00:002008-12-24T14:50:26Z

Comment by Gizmore ( <a href="http://wechall.net">http://wechall.net</a> )<br /><br />Very nice summary of secure php coding.<br /> A good reading and kind_a must read for beginners.<br /> <br /> i follow this rule of thumb:<br /> <br /> - mysql_real_escape_string() or intval() before query any userdata into database.<br /> <br /> - htmlspecialchars() _every_ user input before output to browser<br /> <br /> - use one-time-tokens in forms to prevent csrf.<br /> <br /> Regards<br /> Gizmore

tag:addedbytes.com,2008:1076532008-12-21T22:35:01+00:002008-12-21T22:35:01Z

Comment by Ewan ( <a href="http://www.ewan.org.uk">http://www.ewan.org.uk</a> )<br /><br />Great set of articles written in plain English. Thanks for making it so easy to understand!

tag:addedbytes.com,2008:1066752008-11-20T13:54:44+00:002008-11-20T13:54:44Z

Comment by suzanne ( <a href="http://www.selectaskip.co.uk">http://www.selectaskip.co.uk</a> )<br /><br />great article for anyone who is struggling with ASP

tag:addedbytes.com,2008:1062172008-11-05T14:31:22+00:002008-11-05T14:31:22Z

Comment by Mike ( <a href="http://kreativeearth.com">http://kreativeearth.com</a> )<br /><br />I think this is an amazing article, for those ASP and PHP based wesbites which have loop holes for security. really informative.

tag:addedbytes.com,2008:1060742008-11-02T09:52:22+00:002008-11-02T09:52:22Z

Comment by Security ( <a href="http://www.experl.com">http://www.experl.com</a> )<br /><br />This is a very beautiful website, I have enjoyed my visit here very much. I’m very honoured to sign in your guestbook. Thanking you for the great work that you are doing here.

tag:addedbytes.com,2008:1059392008-10-27T20:36:04+00:002008-10-27T20:36:04Z

Comment by Jason Gaved ( <a href="http://www.lexel.co.uk/">http://www.lexel.co.uk/</a> )<br /><br />Great stuff Dave =) I wrote an similar article on security with ASP .. I read your "Secure PHP" and that gave me the idea, so thanks =P

tag:addedbytes.com,2008:1059202008-10-26T17:42:24+00:002008-10-26T17:42:24Z

Comment by James Moss ( <a href="http://www.jamesmoss.co.uk">http://www.jamesmoss.co.uk</a> )<br /><br />A great (and simple) way to prevent session hijacking is to record the IP address of the user when they login in the session alongside the other data you want to store. <br /> <br /> Every time a user visits a page, compare their IP address to the one stored in the session. If they dont match then destroy the session and let them know what's happened.<br /> <br /> This can prevent 99.9%(*) of session hijacks.<br /> <br /> <br /> (* 56.8% of all statistics are made up on the spot)

tag:addedbytes.com,2008:1053382008-10-12T12:28:00+01:002008-10-12T12:28:00Z

Comment by O. Soteland ( <a href=""></a> )<br /><br />Wow. So many things I had to fix. Fortunately, I mostly just added a few lines of code to some files.<br /> <br /> And the idea of putting a blank index.html in all folders was nice.<br /> <br /> Thanks!

tag:addedbytes.com,2008:1050392008-09-29T22:12:11+01:002008-09-29T22:12:11Z

Comment by Anonymous ( <a href="http://www.highforce.com">http://www.highforce.com</a> )<br /><br />Thank you for the insite into cross-site forgery, it is a pity we have to protect so much against people that are bored with there lives and want to disrupt others.<br /> Thanks for your hard work keep it up..<br /> All the best from Alan

tag:addedbytes.com,2008:1047642008-09-25T14:21:40+01:002008-09-25T14:21:40Z