Webmaster Security

PHP Security Help

Submitted by killerlowrider, Thread ID: 77386

Thread Closed
26-02-2018, 11:10 PM
#1
Hi everyone!

I recently got into PHP coding and I'm wondering what I can do to prevent SQL injection attacks, and various sorts of XSS attacks that may make my website vulnerable to hackers?

I'm looking for some pro tips.

Thanks in advance!

RE: PHP Security Help

#2
Hi killerlowrider,

I'd recommend you study the OWASP guidelines, which will teach you how security works in detail and also how to implement it. The following link shares some information about XSS protection: https://www.owasp.org/index.php/XSS_(Cro...heat_Sheet

There are tons of ways to secure your website and implement different techniques. If you have any doubts or a specific question, feel free to ask here. Personally (regardless of the programming language) I always search on Google, and specifically on StackOverflow, e.g.: Use prepared statements and parameterized queries: https://stackoverflow.com/questions/6017...ion-in-php

Sincerely,
0x1994

RE: PHP Security Help

#3
Probably the best place to start is to learn about the filter_var() function and how to use it to sanitize/validate data in order to prevent injection attacks... it's a lot easier than it looks at first glance:

-W3 Schools: PHP filter_var() function
-PHP Manual: filter_var()

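The filter_var() validation suggested in the reply above, as an added example that is not code from the thread. It validates a constructed form submission (the $_POST array is simulated so it runs from the CLI); the field names, bounds and the validateProfile() function are assumptions for illustration. Validation of this kind rejects malformed input early, and is a complement to parameterized queries, which handle whatever does reach the database layer.

```php
<?php
// Added example, not code from the thread: validating request data with filter_var().
// $_POST is replaced by a constructed array so the script runs from the CLI.
declare(strict_types=1);

function validateProfile(array $input): array
{
    $errors = [];
    $clean  = [];

    // Email: returns false unless the value is a syntactically valid address.
    $email = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'email is invalid';
    } else {
        $clean['email'] = $email;
    }

    // Integer with bounds: the options array rejects out-of-range values, and
    // anything that is not a whole number (such as "42; DROP TABLE users") is refused.
    $age = filter_var($input['age'] ?? '', FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 18, 'max_range' => 120],
    ]);
    if ($age === false) {
        $errors[] = 'age must be an integer between 18 and 120';
    } else {
        $clean['age'] = $age;
    }

    // URL: FILTER_VALIDATE_URL checks URL syntax only, not the scheme, so a value
    // with a host component such as "javascript://example.com/%0Aalert(1)" can pass.
    // Restrict the scheme explicitly before the value is ever placed in an href.
    $site   = filter_var($input['site'] ?? '', FILTER_VALIDATE_URL);
    $scheme = $site === false ? '' : strtolower((string) parse_url($site, PHP_URL_SCHEME));
    if ($site === false || !in_array($scheme, ['http', 'https'], true)) {
        $errors[] = 'site must be an http(s) URL';
    } else {
        $clean['site'] = $site;
    }

    return ['ok' => $errors === [], 'clean' => $clean, 'errors' => $errors];
}

// Constructed form submission mixing a valid value with two hostile ones.
$submitted = [
    'email' => 'user@example.com',
    'age'   => '42; DROP TABLE users',
    'site'  => 'javascript://example.com/%0Aalert(1)',
];

$result = validateProfile($submitted);
foreach ($result['errors'] as $e) {
    echo "reject: $e\n";
}
echo $result['ok'] ? "accepted\n" : "rejected\n";
```

Only the email field survives the checks above; the age and site fields are reported in the errors array, and the request is rejected as a whole rather than partially processed.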

RE: PHP Security Help

#4
Some tips:

- Use htmlspecialchars() every time you must display content inserted in the DB by a user.
- Use prepared statements every time you must insert data from the user in the DB.
- Be careful with cookies, and when you store passwords. Always encrypt + salt.
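The first and third tips above (output encoding with htmlspecialchars(), and salted password storage) as an added example that is not code from the thread. The e() helper, the stored username and the password are constructed for illustration; the example uses PHP's built-in password_hash()/password_verify(), which generate and embed a random per-password salt.

```php
<?php
// Added example, not code from the thread: HTML output encoding and password storage.
declare(strict_types=1);

// Escape a value for an HTML text node or attribute value. ENT_QUOTES covers both
// ' and " so the result is safe in single- and double-quoted attributes; ENT_SUBSTITUTE
// replaces invalid UTF-8 instead of returning an empty string; the charset argument
// must match the page's Content-Type.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample: a username exactly as it might have been stored from a form.
$storedName = '<script>alert(document.cookie)</script>" onmouseover="alert(1)';

// Vulnerable: raw interpolation lets the stored markup run in every visitor's browser.
$vulnerable = "<p>Welcome, $storedName</p>";

// Hardened: the same value rendered through e() is inert text, both as content
// and inside an attribute (the embedded quote can no longer close the attribute).
$safeText = '<p>Welcome, ' . e($storedName) . '</p>';
$safeAttr = '<input name="display" value="' . e($storedName) . '">';

echo $vulnerable, "\n", $safeText, "\n", $safeAttr, "\n";

// Passwords: store only a salted hash. password_hash() picks a random salt per
// password and embeds it in the returned string, so no separate salt column is needed,
// and password_verify() rehashes the candidate with that salt and compares.
function storePassword(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

function checkPassword(string $plain, string $storedHash): bool
{
    return password_verify($plain, $storedHash);
}

$hash = storePassword('correct horse battery staple');
echo $hash, "\n";
var_dump(checkPassword('correct horse battery staple', $hash));
var_dump(checkPassword('wrong guess', $hash));
```

Escaping is applied at output time, when the destination context (HTML body, attribute) is known, rather than at storage time; the same stored value may later be rendered into JSON or a URL, which need different encoders. Note that the hash string changes on every call to storePassword() because of the fresh salt, while checkPassword() still succeeds for the right password.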

RE: PHP Security Help

#5
You already have some solid suggestions; prepared statements are probably the first and most powerful thing you can really do to protect your site, next is using filter_var(). I'd suggest you also protect your site against cross site scripting attacks; all major PHP frameworks should have this functionality in place to help you.

RE: PHP Security Help

#6
I suggest you also protect your site against cross site scripting attacks; all major PHP frameworks should have this functionality in place to help you.

RE: PHP Security Help

#7
I'm a bit of a layman in this area, but to protect your PHP code, wouldn't it be a good idea to use Zend Optimizer or Zend Guard Loader?

RE: PHP Security Help

#8
If anyone here can set this up for me, please DM me. I'm willing to pay for assistance.

RE: PHP Security Help

#9
If I were you, I would use PDO. You can read more about it here http://php.net/manual/en/ref.pdo-mysql.php. This article will help you with understanding why this helps prevent injection https://websitebeaver.com/php-pdo-prepar...-injection.
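The prepared-statement advice given in replies #2, #4 and #9 as an added example that is not code from the thread or from the linked articles. It places a vulnerable string-concatenated query beside its PDO prepared equivalent and runs both against the same attacker input. To run offline it uses an in-memory SQLite database rather than MySQL (an assumption; with pdo_mysql only the DSN and the emulation setting noted in the comments change); the table, rows and function names are constructed for illustration.

```php
<?php
// Added example, not code from the thread: SQL injection with and without PDO prepares.
declare(strict_types=1);

// In-memory SQLite so the script runs with no server. For MySQL use a DSN such as
// 'mysql:host=127.0.0.1;dbname=app;charset=utf8mb4' and also pass
// PDO::ATTR_EMULATE_PREPARES => false so the server, not the client, does the binding.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, role TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Constructed attacker input: a tautology that makes the WHERE clause always true.
$attackerInput = "x' OR '1'='1";

// Vulnerable: concatenating the value lets its quote terminate the string literal,
// so the rest of the input is parsed as SQL syntax.
function findVulnerable(PDO $pdo, string $name): array
{
    $sql = "SELECT name, role FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll();
}

// Hardened: the SQL text is fixed at prepare time and the value travels separately
// as a bound parameter, so it is only ever compared as data.
function findSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name, role FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll();
}

// Identifiers (table and column names) cannot be bound as parameters. When the
// user chooses a sort column, map the request onto a fixed allow-list instead.
function listSortedBy(PDO $pdo, string $requestedColumn): array
{
    $allowed = ['name' => 'name', 'role' => 'role'];
    if (!isset($allowed[$requestedColumn])) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    $stmt = $pdo->query('SELECT name, role FROM users ORDER BY ' . $allowed[$requestedColumn]);
    return $stmt->fetchAll();
}

printf("vulnerable query returned %d row(s)\n", count(findVulnerable($pdo, $attackerInput)));
printf("prepared query returned %d row(s)\n", count(findSafe($pdo, $attackerInput)));

try {
    listSortedBy($pdo, 'role; DROP TABLE users');
} catch (InvalidArgumentException $e) {
    echo 'sort rejected: ', $e->getMessage(), "\n";
}
```

With the input above, the concatenated query becomes `WHERE name = 'x' OR '1'='1'` and returns every user, while the prepared query looks for a user literally named `x' OR '1'='1` and returns nothing. The allow-list in listSortedBy() covers the case that binding cannot: anything that is part of the query structure (column names, ORDER BY direction, table names) must come from code, never from the request.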

RE: PHP Security Help

#10
Use prepared statements and a templating system to stop XSS injection.
