Common Mistakes

[proggR]

Hey. I'm going to be starting to host my site within the next month and will be posting it for critique and beta test and was taking a look at the beta test section of the forum and notice a lot of issues that arise that the posters weren't aware of. Now I'm curious to know if I'll be having the same thing happen with mine and want to do what I can to avoid any major issues.  I was wondering if people could post common issues that come up with websites that you may not notice and ways to avoid them.

My website uses a lot of includes and arrays that gather filenames from text files. That alone sounds pretty unsecure to me so I wanted to see if there's anyway to make them less susceptible to threats and to check for any other problems I may have missed.

Thanks in advance for anyone's expertice.

[.josh]

There's really no way we can give you any kind of relevant advice without details (link to your site, code, etc...).  There are lots of different mistakes people make; you can fill a whole book up with them.  For example, for all I know, you could be using superglobals.  I'd tell you not to use them.  Or you could tell me that you already know not to use them.  The point is, we're not psychic.  That's the whole point of beta testing: to find the relevant mistakes/issues. 

[proggR]

Ok thanks. I understand. I was just curious as to whether or not there are things that are more common mistake than others. I'll post a link when its uploaded.

[corbin]

http://www.google.com/search?hl=en&q=php+common+security+mistakes&btnG=Google+Search

 

 

In all seriousness though, the main problem I see is when people trust users.  (Yeah, "trust users," not "trust users too much.")

 

Never take anything as safe from a user.

 

Besides that, there's really no catch-all advice.

[ignace]

In development, don't think in users, think in hackers, and think that they will be hacking every piece of your website and then go crazy!!  Oh, I just love webdevelopment