Staying Safe | Advanced PHP Security Tips

by Sozin - 28-04-2015, 07:49 PM
Hello there. You might have already heard of basic PHP security like escaping all input before putting it into the database, using htmlentities to block HTML from executing, using PDO, etc. But today I am going to list some more advanced tips on PHP security.

PDO & MySQLi (bound params):

PDO is known to be vulnerable to an encoding flaw, as demonstrated here:
The attacker can get around your little mysqli_real_escape_string magic and exploit your website.

Coming straight to the point. You need to make sure that you:

* Use modern versions of MySQL (late 5.1, all 5.5, 5.6, etc.) AND mysql_set_charset() / $mysqli->set_charset() / PDO's DSN charset parameter (in PHP ≥ 5.3.6)
* Don't use a vulnerable character set for connection encoding (you only use utf8 / latin1 / ascii / etc.)

list will be updated. I am too tired atm.
Do not let your difficulties fill you with anxiety, after all it is only in the darkest nights that stars shine more brightly. - Ali(a.s)

Developer (PHP, Python, C++, HTML+CSS, JS). I am available for hire. Message me for details.
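A PHP illustration of the two points in the post, added here by the editor and not part of Sozin's post: the connection charset is declared through the client library (the DSN parameter for PDO, set_charset() for mysqli) instead of a raw SET NAMES query, emulated prepares are switched off so values are never spliced into the SQL text, and a lookup is run with a bound parameter. The host, database, credentials and the users table are placeholders, and utf8mb4 is assumed as the connection charset.

```php
<?php
// Added example, not code from the original post. Connection details are placeholders.
declare(strict_types=1);

const DB_HOST = 'localhost';   // placeholder
const DB_NAME = 'app';         // placeholder
const DB_USER = 'app_user';    // placeholder
const DB_PASS = 'change-me';   // placeholder

// PDO: the charset goes in the DSN so the client library itself knows the encoding,
// and native prepares are used so parameter values travel separately from the SQL.
function connectPdo(): PDO {
    $dsn = sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4', DB_HOST, DB_NAME);
    return new PDO($dsn, DB_USER, DB_PASS, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

// mysqli: set_charset() informs the C client library of the encoding used for
// escaping and parameter handling; a plain "SET NAMES" query does not.
function connectMysqli(): mysqli {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $db = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    $db->set_charset('utf8mb4');
    return $db;
}

// Sanity check: the server-side connection charset must match what the client declared.
function assertConnectionCharset(PDO $pdo, string $expected = 'utf8mb4'): void {
    $actual = $pdo->query('SELECT @@character_set_connection')->fetchColumn();
    if ($actual !== $expected) {
        throw new RuntimeException("connection charset is $actual, expected $expected");
    }
}

// Lookup with a bound parameter: the user-supplied value never becomes part of the SQL text.
function findUserByName(PDO $pdo, string $name): ?array {
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = connectPdo();
assertConnectionCharset($pdo);
var_dump(findUserByName($pdo, $_GET['name'] ?? ''));
```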