php security issue.

zgkhoo · October 7, 2007

hi,

currently i designing one website using php,

may i know wat security issue need to be concern when design it?

eg to prevent hacker hijack the browser or hack the website.

or have any url talk abt this?

thanks....

darkfreaks · October 7, 2007

LOL use sessions instead of cookies, make sure you escape your SQL with mysql_real_escape_string and strip_tags.

zgkhoo · October 7, 2007

mysql_real_escape_string and strip_tags. <---wats that? " <---this?

just concern wat u meantion? nothing else?

d.shankar · October 7, 2007

mysql_real_escape_string wards off SQL Injection attacks

strip_tags wards off XSS Attacks

Hope that makes a little sense

ludjer · October 7, 2007

this is a function i run before i put anything into a sql query

<?php
function sql_safe($value) 
{
    if (get_magic_quotes_gpc()) 
    {
        $value = stripslashes($value);
    }
    if (!is_numeric($value) || $value[0] == '0')
    {
        $value = mysql_real_escape_string($value);
    }
    return $value;
}
?>

i also run this function to what ever the user puts in:

$comment = htmlspecialchars($comment);

htmlspecialchars() takes away all the html characters read more about it here

http://za.php.net/manual/en/function.htmlspecialchars.php

also have a look here

http://www.talkphp.com/showthread.php?p=1804#post1804

Sign In

php security issue.

Recommended Posts

zgkhoo

Link to comment

Share on other sites

darkfreaks

Link to comment

Share on other sites

zgkhoo

Link to comment

Share on other sites

d.shankar

Link to comment

Share on other sites

ludjer

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information