Comments on Writing Secure PHP - AddedBytes.comLatest comments on Writing Secure PHP on AddedBytes.comDave Child2004-07-16T10:07:15Ztag:addedbytes.com,2004:130Comment on Writing Secure PHPComment by Hamman Samuel ( <a href="http://samuel.sveit.com">http://samuel.sveit.com</a> )<br /><br />This is a super site, especially this article on PHP security. I'm kind of an intermediate programmer in PHP and am just starting to learn about security. This was more comprehensive than all my searches of the previous 2-3 months! Would you believe I got to this site while searching for a regular expression cheat sheet! 2-in-1 :)tag:addedbytes.com,2008:1047362008-09-23T12:34:37+01:002008-09-23T12:34:37ZComment on Writing Secure PHPComment by Rajassegarin ( <a href="http://www.ipodvideos.in">http://www.ipodvideos.in</a> )<br /><br />It's really a very good article. All the PHP learners should aware of these attacks. Thanks for the nice post.tag:addedbytes.com,2008:1046612008-09-19T05:53:45+01:002008-09-19T05:53:45ZComment on Writing Secure PHPComment by Joe ( <a href="http://codertips.com">http://codertips.com</a> )<br /><br />You may want to write about the new PDO class in PHP which can sanitize SQL queries for you. It is useful to learn and a lot of languages use similar features.tag:addedbytes.com,2008:1044802008-09-11T15:32:03+01:002008-09-11T15:32:03ZComment on Writing Secure PHPComment by web development & programming ( <a href="http://www.amcoitsystems.com">http://www.amcoitsystems.com</a> )<br /><br />Hi, I am project Manager and i delivered this blog to my PHP developer because i found great stuff.Thankstag:addedbytes.com,2008:1041742008-09-05T07:15:19+01:002008-09-05T07:15:19ZComment on Writing Secure PHPComment by My Webiste Adviser ( <a href="http://www.mywebsiteadviser.com">http://www.mywebsiteadviser.com</a> )<br /><br />SQL injection is a serious problem, you can add additional checks:<br />
<br />
$_GET['userid'] = str_replace("'", "", $_GET['userid']);<br />
Remove all ' symbols from the userid string.<br />
<br />
$_GET['userid'] = str_replace(" ", "", $_GET['userid']); <br />
Remove all spaces from the userid string.<br />
<br />
$_GET['userid'] = trim( htmlspecialchars(addslashes($_GET['userid'])) );<br />
Returns a string with backslashes before special characters and change special character (for example from & to &<br />
<br />
All these steps will prevent your website from running malicious SQL scripts.tag:addedbytes.com,2008:1040462008-08-29T07:30:17+01:002008-08-29T07:30:17ZComment on Writing Secure PHPComment by patrickd ( <a href="http://infoos.net">http://infoos.net</a> )<br /><br />thnx! you got great stuffs in here guys. learned a l0ttag:addedbytes.com,2008:992952008-07-19T02:26:33+01:002008-07-19T02:26:33ZComment on Writing Secure PHPComment by Phillip ( <a href="http://humanbagel.com">http://humanbagel.com</a> )<br /><br />Decent list, but doesn't cover XSS, which is the most common exploit today.<br />
Fix the SQL injection with the addslashes() function, easy fix. XSS is more difficult, but can be done with open source functionstag:addedbytes.com,2008:954232008-05-16T06:23:41+01:002008-05-16T06:23:41ZComment on Writing Secure PHPComment by mohamed rami ( <a href=""></a> )<br /><br />Thanks Alot for This Article ,its very
<br />usefulltag:addedbytes.com,2008:859372008-04-04T10:37:27+01:002008-04-04T10:37:27ZComment on Writing Secure PHPComment by Alex Tokar ( <a href="http://www.atokar.net/">http://www.atokar.net/</a> )<br /><br />Very nice article for new PHP developers.tag:addedbytes.com,2008:839922008-03-27T13:55:27+00:002008-03-27T13:55:27ZComment on Writing Secure PHPComment by techguide ( <a href="http://http://www.devanggandhi.net/">http://http://www.devanggandhi.net/</a> )<br /><br />I am new to PHP and this was really helpfultag:addedbytes.com,2008:794222008-02-27T20:42:42+00:002008-02-27T20:42:42Z