Comments on: PHP Security: Guidelines to Lock Down Your Website

By: Cami

Cami — Sun, 26 Jun 2011 01:29:31 +0000

What a neat article. I had no inkinlg.

By: web development chennai

web development chennai — Fri, 15 Apr 2011 06:05:15 +0000

Its simply superbtool tips.Nice keep share with me.

By: website development chennai

website development chennai — Fri, 15 Apr 2011 06:02:48 +0000

Its an fantastic PHP tool to secure.And the explanation is superb.I am impressed about this post.wonderful and useful for us.Thanks and keep sharing.

By: Sherwin

Sherwin — Mon, 20 Sep 2010 12:32:58 +0000

Thanks a lot for the great tips. Security is indeed a very important factor to consider for our websites, especially now that there so many hostilities circling in the web.

By: Miquel

Miquel — Wed, 16 Dec 2009 20:58:39 +0000

I can only echo the misgivings of previous commenters and request that you please remove or amend this article. Whilst the intent behind it is laudable, it proposes unsafe solutions and it is irresponsible of you to continue to present them as such.

By: Jaspal Singh

Jaspal Singh — Sun, 08 Nov 2009 09:30:18 +0000

Excellent tutorial for PHP Freaks.
Thanks for sharing.

By: Danh ba web 2.0

Danh ba web 2.0 — Wed, 08 Jul 2009 11:04:11 +0000

Thanks for great tips, keep up !

By: ??????? 02 (29.06 - 05.07.2009) | ?????? ?? ?????? ????????

??????? 02 (29.06 - 05.07.2009) | ?????? ?? ?????? ???????? — Mon, 06 Jul 2009 15:37:59 +0000

[...] PHP Security: Guidelines to Lock Down Your Website [...]

By: Eiencafe.com --> New way to graphic

Eiencafe.com --> New way to graphic — Sun, 05 Jul 2009 12:04:06 +0000

Weekly Fave’s…

Another Sunday, another week favorites .
Week from June 28 to July 4, 2009:
Tutorials
Photoshop Grunge City Magic and special light effects need Apophysis, too Construct a Novel Victorian Theatre Setting How To Create An Abstract Body Portrait …..

By: Chris Boulton

Chris Boulton — Sun, 05 Jul 2009 00:20:03 +0000

There’s two types of sanitization – sanitization for input (saving) and sanitization for output.

addslashes() should NEVER be used to sanitize data for output unless you’re in a Javascript string or similar where you need it slashed.

htmlspecialchars/html_entities is what you want to do for any data that is being output to HTML, assuming you don’t want anything passed through.

mysql_real_escape_string() (or equivalent for other DB engine you’re using) is what should be used to escape input being supplied around in database queries. Of course, what’s even better are parameterized queries/prepared statements.

The “disable flash” is also awfully inadequate. Not to mention it’s easily bypassed if I do ….

Checking referring pages should also NEVER be relied upon from a security standpoint. Ever. It’s easily forged, can be disabled etc etc. The form keys however, are the correct approach.