Comments on: PHP Security: Guidelines to Lock Down Your Website

By: Miquel

Miquel — Wed, 16 Dec 2009 20:58:39 +0000

I can only echo the misgivings of previous commenters and request that you please remove or amend this article. Whilst the intent behind it is laudable, it proposes unsafe solutions and it is irresponsible of you to continue to present them as such.

By: Jaspal Singh

Jaspal Singh — Sun, 08 Nov 2009 09:30:18 +0000

Excellent tutorial for PHP Freaks.
Thanks for sharing.

By: Danh ba web 2.0

Danh ba web 2.0 — Wed, 08 Jul 2009 11:04:11 +0000

Thanks for great tips, keep up !

By: ??????? 02 (29.06 - 05.07.2009) | ?????? ?? ?????? ????????

??????? 02 (29.06 - 05.07.2009) | ?????? ?? ?????? ???????? — Mon, 06 Jul 2009 15:37:59 +0000

[...] PHP Security: Guidelines to Lock Down Your Website [...]

By: Eiencafe.com --> New way to graphic

Eiencafe.com --> New way to graphic — Sun, 05 Jul 2009 12:04:06 +0000

Weekly Fave’s…

Another Sunday, another week favorites .
Week from June 28 to July 4, 2009:
Tutorials
Photoshop Grunge City Magic and special light effects need Apophysis, too Construct a Novel Victorian Theatre Setting How To Create An Abstract Body Portrait …..

By: Chris Boulton

Chris Boulton — Sun, 05 Jul 2009 00:20:03 +0000

There’s two types of sanitization – sanitization for input (saving) and sanitization for output.

addslashes() should NEVER be used to sanitize data for output unless you’re in a Javascript string or similar where you need it slashed.

htmlspecialchars/html_entities is what you want to do for any data that is being output to HTML, assuming you don’t want anything passed through.

mysql_real_escape_string() (or equivalent for other DB engine you’re using) is what should be used to escape input being supplied around in database queries. Of course, what’s even better are parameterized queries/prepared statements.

The “disable flash” is also awfully inadequate. Not to mention it’s easily bypassed if I do ….

Checking referring pages should also NEVER be relied upon from a security standpoint. Ever. It’s easily forged, can be disabled etc etc. The form keys however, are the correct approach.

By: 10 Great Design, Development And Inspirational Posts From Around The Web | Spyre Studios

Sat, 04 Jul 2009 18:28:41 +0000

[...] PHP Security: Guidelines to Lock Down Your Website: No website is safe from hackers so why not make sure yours is as secure as possible? This article from Design Reviver offers some priceless tips and techniques. [...]

By: reboltutorial

reboltutorial — Sat, 04 Jul 2009 00:52:43 +0000

Wow very nice pcitures, I’m impressed

By: Mike

Mike — Fri, 03 Jul 2009 07:43:24 +0000

Thanks for the tips, security is definitely a major concern when it comes to web development,

By: paviles

paviles — Thu, 02 Jul 2009 22:07:27 +0000

Muchas gracias por compartir este artículo. Muy concreto y completo!!