Jump to content


Photo

Securing php script....


  • Please log in to reply
1 reply to this topic

#1 localhost

localhost
  • Members
  • PipPipPip
  • Advanced Member
  • 152 posts

Posted 18 September 2006 - 10:49 AM

I want to know how to secure my scripts from as much as I possibly can...

for $_GET
$_POST

so far for POST I use htmlentities and mysql real escape string...and for $_GET i have nothing.

thanks

-dan

#2 ToonMariner

ToonMariner
  • Members
  • PipPipPip
  • Advanced Member
  • 3,342 posts
  • LocationNewcastle upon Tyne, UK

Posted 18 September 2006 - 10:54 AM

too big a question to answer!!!

suffice to say that in any situation where you use the users input in a query or file/dir creation deletion make sure that what ever they have entered contains what you expect and NOTHING else.

real_escape, preg_match, substr, preg_replace, strpos et. al. will be the tools of your trade from now on!!! ;)
follow me on twitter @PHPsycho




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users