Webmaster Security

PHP Security Help

Submitted by killerlowrider, Thread ID: 77386

Thread Closed
26-02-2018, 11:10 PM
#1
Hi everyone!

I recently got into PHP coding and I'm wondering what I can do to prevent SQL injection attacks, and various sorts of XSS attacks that may make my website vulnerable to hackers?

I'm looking for some pro tips.

Thanks in Advance!

RE: PHP Security Help

0x1994
27-02-2018, 05:32 PM
#2
Hi killerlowrider,

I'll recommend you to study the guidelines of OWASP, which will teach you how security works in detail and also how to implement them. In the following link some information about XSS protection is shared: https://www.owasp.org/index.php/XSS_(Cro...heat_Sheet

There are tons of ways to secure your website and implement different techniques. If you have some doubts or a specific question, feel free to ask them here. Personally (regardless of the programming language) I always search on Google, and specifically on StackOverflow, e.g.: Use prepared statements and parameterized queries: https://stackoverflow.com/questions/6017...ion-in-php

Sincerely,
0x1994

RE: PHP Security Help

Bassdrop
11-03-2018, 04:44 PM
#3
Probably the best place to start is to learn about the filter_var() function and how to use it to sanitize/validate data in order to prevent injection attacks... it's a lot easier than it looks at first glance:

- W3 Schools: PHP filter_var() function
- PHP Manual: filter_var()


RE: PHP Security Help

ed3410
10-07-2018, 07:09 PM
#4
Some tips:

- Use htmlspecialchars() every time you must display content inserted in DB by a user.
- Use prepared statements every time you must insert data from the user in DB.
- Be careful with cookies, and when you store passwords. Always encrypt + salt.
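
The tips in post #4, as an added example that is not part of any post in this thread; it uses PHP's built-in password_hash() for the password step. The in-memory SQLite database, the `users` table and the function names `register`, `login` and `renderBio` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// In-memory SQLite so the example runs offline; table and column names are made up.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT, bio TEXT)');

function register(PDO $pdo, string $name, string $password, string $bio): void
{
    // password_hash() generates a per-password salt and stores it inside the hash string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep user data out of the SQL text, so quotes in $name or $bio stay data.
    $stmt = $pdo->prepare('INSERT INTO users (name, pw_hash, bio) VALUES (:name, :hash, :bio)');
    $stmt->execute([':name' => $name, ':hash' => $hash, ':bio' => $bio]);
}

function login(PDO $pdo, string $name, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

function renderBio(PDO $pdo, string $name): string
{
    $stmt = $pdo->prepare('SELECT name, bio FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>No such user</p>';
    }
    // Escape at output time, for the HTML context the value lands in.
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>' . $esc($row['name']) . '</h2><p>' . $esc($row['bio']) . '</p>';
}

// Constructed sample input containing SQL and HTML metacharacters.
register($pdo, "o'brien", 'correct horse', '<script>alert(1)</script> hi');
var_dump(login($pdo, "o'brien", 'correct horse'));   // stored password
var_dump(login($pdo, "' OR '1'='1", 'x'));           // quote-laden name is treated as plain data
echo renderBio($pdo, "o'brien"), PHP_EOL;            // markup in the bio is emitted as text
```

The value is stored unmodified and escaped only when it is written into HTML, so the same row can later be rendered safely in other contexts with the escaping each one needs.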

RE: PHP Security Help

derekwilliam
23-08-2018, 10:54 PM
#5
You already have some solid suggestions; prepared statements are probably the first and most powerful thing you can really do to protect your site, next using filter_var. I'd suggest you also protect your site against cross-site scripting attacks; all major PHP frameworks should have this functionality in place to help you.

RE: PHP Security Help

vedat388
27-08-2018, 12:27 AM
#6
Suggest you also protect your site against cross-site scripting attacks; all major PHP frameworks should have this functionality in place to help you.

RE: PHP Security Help

29-09-2018, 09:41 PM
#7
I'm a bit of a layman in this area, but to protect your PHP code, wouldn't it be a good idea to use Zend Optimizer or Zend Guard Loader?

RE: PHP Security Help

shldd
05-10-2018, 06:28 AM
#8
If anyone here can set this up for me, please DM me. I'm willing to pay for assistance.

RE: PHP Security Help

slushpuppy
15-12-2018, 09:37 AM
#10
Use prepared statements and a templating system to stop XSS injection.
