Security Issues?

[rockinaway]

I am going to make a homepage for my cricket forum and I was wondering what are the security issues I will have and how to tackle them.

 

The basic outline of the website will be:

 

- Main pages pulling stuff from SMF DB, and some member info. Other stats aswell

- 1 class file, which constructs header, footer, error messages, sidebars and later other stuff.

- 1 connect file containing global require of language and also my MySQL information to connect to DB

- I will also give the ability for registered users to add player profiles, stadium profiles etc via a form. This will then automatically generate the page. I will also have the ability for editing by any user, and then it shows who last edited the page. Later on I also will be adding player rating function.

 

Any security things, I know about mysql_something something for when you enter things into a form, pelase can someone explain more. Also there will have to be some security on the DB connect file, will I have to CHMOD it?

[rockinaway]

----BUMP-------

[Daney11]

Hi mate,

 

Have a read of http://www.sitepoint.com/article/php-security-blunders

 

http://www.eruditesys.com/web-design-articles/php-and-mysql-security.html

 

http://php.about.com/od/security/Security_for_PHP_and_MySQL.htm

 

and use http://uk.php.net/mysql_real_escape_string when extracting things from the database

[monk.e.boy]

test everything with some good test names:

 

Jeff O'Connor
Mr Minus --
Mr Slash /* # -- DROP
Mr quote 'o"o'o"

 

And also try foreign characters: 请放心购

 

monk.e.boy

[rockinaway]

Thanks.. alot to read there!