http://www.addedbytes.com/article/writing-secure-php/Latest comments on Writing Secure PHP on AddedBytes.comhttp://www.addedbytes.com/article/writing-secure-php/comments/http://www.addedbytes.com/article/writing-secure-php/comments/Comment by web development & programming ( <a href="http://www.amcoitsystems.com">http://www.amcoitsystems.com</a> )<br /><br />Hi, I am project Manager and i delivered this blog to my PHP developer because i found great stuff.Thankshttp://www.addedbytes.com/article/writing-secure-php/comments/http://www.addedbytes.com/article/writing-secure-php/comments/Comment by My Webiste Adviser ( <a href="http://www.mywebsiteadviser.com">http://www.mywebsiteadviser.com</a> )<br /><br />SQL injection is a serious problem, you can add additional checks:<br /> <br /> $_GET['userid'] = str_replace("'", "", $_GET['userid']);<br /> Remove all ' symbols from the userid string.<br /> <br /> $_GET['userid'] = str_replace(" ", "", $_GET['userid']); <br /> Remove all spaces from the userid string.<br /> <br /> $_GET['userid'] = trim( htmlspecialchars(addslashes($_GET['userid'])) );<br /> Returns a string with backslashes before special characters and change special character (for example from & to &amp;<br /> <br /> All these steps will prevent your website from running malicious SQL scripts.http://www.addedbytes.com/article/writing-secure-php/comments/http://www.addedbytes.com/article/writing-secure-php/comments/Comment by patrickd ( <a href="http://infoos.net">http://infoos.net</a> )<br /><br />thnx! you got great stuffs in here guys. learned a l0thttp://www.addedbytes.com/article/writing-secure-php/comments/http://www.addedbytes.com/article/writing-secure-php/comments/Comment by Phillip ( <a href="http://humanbagel.com">http://humanbagel.com</a> )<br /><br />Decent list, but doesn't cover XSS, which is the most common exploit today.<br /> Fix the SQL injection with the addslashes() function, easy fix. XSS is more difficult, but can be done with open source functionshttp://www.addedbytes.com/article/writing-secure-php/comments/http://www.addedbytes.com/article/writing-secure-php/comments/Comment by mohamed rami ( <a href=""></a> )<br /><br />Thanks Alot for This Article ,its very <br />usefullhttp://www.addedbytes.com/article/writing-secure-php/comments/http://www.addedbytes.com/article/writing-secure-php/comments/Comment by Alex Tokar ( <a href="http://www.atokar.net/">http://www.atokar.net/</a> )<br /><br />Very nice article for new PHP developers.http://www.addedbytes.com/article/writing-secure-php/comments/http://www.addedbytes.com/article/writing-secure-php/comments/Comment by techguide ( <a href="http://http://www.devanggandhi.net/">http://http://www.devanggandhi.net/</a> )<br /><br />I am new to PHP and this was really helpfulhttp://www.addedbytes.com/article/writing-secure-php/comments/http://www.addedbytes.com/article/writing-secure-php/comments/Comment by zyber16 ( <a href=""></a> )<br /><br />Damn, I had that ' OR 1=1 # hole on my personal website, got it fixed thanks to this article :)http://www.addedbytes.com/article/writing-secure-php/comments/http://www.addedbytes.com/article/writing-secure-php/comments/Comment by Adaptiv Media ( <a href=""></a> )<br /><br />Thanks, the global variables section was a great help. Also grateful for your mod_rewrite article ;o)http://www.addedbytes.com/article/writing-secure-php/comments/http://www.addedbytes.com/article/writing-secure-php/comments/Comment by A. ( <a href=""></a> )<br /><br />Don't forget mysql_real_escape_string(), with it your script is protected against SQL injections. I even use it for session variables, you can never be too sure. <br /> <br />Great article by the way.