
PHP security?


.jd.

Right off the bat, what PHP security should be implemented into every script when written?

The basic security that every "new" PHP programmer should know.

Any help is greatly appreciated.
 
•••
This is not something that can be answered with any satisfaction, to be honest. Security is dependent on what you are programming.

Some things you should do, for example: if register globals is enabled, reverse the functionality (even better, turn it off). Ensure that all user input, or any input you cannot guarantee authenticity for, contains exactly what is expected.

Ensure any data is escaped or made safe for the intended target (mysql_real_escape_string for MySQL, for example, or htmlentities for browsers, etc.). Also, if for example you are asking someone's age, ensure that the input is an int. If it is not an int, purge the data and treat it as if it has not been entered. The same goes for any data.

What is also paramount is that you test and double test any code written. Try to write it in an object orientated manner. Not only does this mean that you will be able to reuse the code easily and help stop replication of the same code, but it will also enable you to test the code thoroughly.

Also read up on security exploits and sites regarding security. 1 good site although neglected is phpsec.org. Also there is a guy called Chris Shiflett who is a PHP advocate. He does many talks, webcasts, articles etc regarding security. Take a look at his blog at http://shiflett.org/
 
•••
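The validation and escaping steps described in the reply above, as an added example that is not part of the original thread. It swaps mysql_real_escape_string (removed in PHP 7.0) for PDO prepared statements against an in-memory SQLite database; the sample input, the function names `cleanAge` and `forHtml`, and the `users` table are constructed for illustration, and the pdo_sqlite extension is assumed to be available.

```php
<?php
declare(strict_types=1);

// Constructed sample request data standing in for $_POST (assumption).
$input = ['name' => "  O'Neil <b>Bob</b>  ", 'age' => '27 years'];

/**
 * Return the age as an int, or null when the value is not a whole
 * number in range. Invalid input is discarded, never repaired.
 */
function cleanAge($raw): ?int
{
    $age = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    return $age === false ? null : $age;
}

/** Escape a value for an HTML text or attribute context. */
function forHtml(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The constructed age is not a whole number, so it is treated as not entered.
$age  = cleanAge($input['age'] ?? null);
$name = is_string($input['name'] ?? null) ? trim($input['name']) : '';

// Database target: bound parameters keep the data out of the SQL text.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT NOT NULL, age INTEGER)');

$stmt = $db->prepare('INSERT INTO users (name, age) VALUES (:name, :age)');
$stmt->bindValue(':name', $name, PDO::PARAM_STR);
$stmt->bindValue(':age', $age, $age === null ? PDO::PARAM_NULL : PDO::PARAM_INT);
$stmt->execute();

// Browser target: store the raw value and escape it at output time.
$row = $db->query('SELECT name, age FROM users')->fetch(PDO::FETCH_ASSOC);
printf("<p>%s (age: %s)</p>\n",
    forHtml($row['name']),
    $row['age'] === null ? 'not given' : (string) (int) $row['age']);
```

Escaping is applied per target at the point of use: the database layer receives the raw name through a bound parameter, and the HTML encoding happens only when the value is written to the page.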
Disable register_globals.
 
•••
Thanks both of you for all the help.

.jd.
 
•••