Staying Safe | Advanced PHP Security Tips

Submitted by Sozin, , Thread ID: 3303

28-04-2015, 07:49 PM
Hello there. You might have already heard of basic PHP security, like escaping all input before putting it into the database, using htmlentities to block HTML from executing, using PDO, etc. But today I am going to list some more advanced tips on PHP security.

PDO & MySQLi (bound params):

PDO is known to be vulnerable to an encoding flaw, as demonstrated here: http://shiflett.org/blog/2006/jan/addsla...ape-string
The attacker can get around your little mysqli_real_escape_string magic and exploit your website.

Coming straight to the point. You need to make sure that you:

* Use Modern Versions of MySQL (late 5.1, all 5.5, 5.6, etc) AND mysql_set_charset() / $mysqli->set_charset() / PDO's DSN charset parameter (in PHP 5.3.6)

OR

* Don't use a vulnerable character set for connection encoding (you only use utf8 / latin1 / ascii / etc)
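As an added example (not part of the original post), here is what those two requirements look like in connection code: the weak pattern that tells only the server about the charset, next to the mysqli and PDO configurations the post recommends. Host, credentials, database and the `users` table are placeholders.

```php
<?php
// Added example, not from the original post. Credentials and table names
// are placeholders; the point is how the connection charset is configured.
declare(strict_types=1);

// --- Weak: the server learns the charset, but the client library does not. ---
// mysqli_real_escape_string() escapes according to the charset the *client*
// library believes is active, so this leaves client and server out of sync.
function connectWeak(): mysqli
{
    $db = new mysqli('db.example.invalid', 'app_user', 'PLACEHOLDER', 'app');
    $db->query('SET NAMES utf8mb4'); // server-side only; client unaware
    return $db;
}

// --- Fixed (mysqli): set_charset() informs both client library and server. ---
function connectMysqli(): mysqli
{
    $db = new mysqli('db.example.invalid', 'app_user', 'PLACEHOLDER', 'app');
    if (!$db->set_charset('utf8mb4')) {
        throw new RuntimeException('set_charset failed: ' . $db->error);
    }
    return $db;
}

// --- Fixed (PDO): charset in the DSN (PHP 5.3.6+), real prepared statements. ---
function connectPdo(): PDO
{
    $dsn = 'mysql:host=db.example.invalid;dbname=app;charset=utf8mb4';
    return new PDO($dsn, 'app_user', 'PLACEHOLDER', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        // Send values to the server separately instead of interpolating
        // them client-side, so the client charset never enters the picture.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

// Bound parameters on a correctly configured connection.
function findUser(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}
```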
List will be updated. I am too tired atm.