Jump to content

Recommended Posts

I can help a bit.

 

For a lot of things, use double quotes, insted of single. Well, its hard to explain when to use double or single, read up on it.

 

Also, use

<br />

insted of

<br>

 

Use <?PHP insted of <? or <?php

 

And check for a lot of possible things. My friend has everything, literally EVERYTHING secure on his site. the battle's 7000+ lines long. Even macros are unusable.

Link to comment
https://forums.phpfreaks.com/topic/81576-secure-php-coding/#findComment-414333
Share on other sites

I can help a bit.

 

For a lot of things, use double quotes, insted of single. Well, its hard to explain when to use double or single, read up on it.

 

Also, use

<br />

insted of

<br>

 

Use <?PHP insted of <? or <?php

 

And check for a lot of possible things. My friend has everything, literally EVERYTHING secure on his site. the battle's 7000+ lines long. Even macros are unusable.

 

What its not more security safe using <?php <?PHP or <? they all do the same thuing. as far a <br> and <br /> They do the exact same except <br> is for Html While <br /> is for Xhtml.

Link to comment
https://forums.phpfreaks.com/topic/81576-secure-php-coding/#findComment-414353
Share on other sites

I can help a bit.

 

For a lot of things, use double quotes, insted of single. Well, its hard to explain when to use double or single, read up on it.

 

Also, use

<br />

insted of

<br>

 

Use <?PHP insted of <? or <?php

 

And check for a lot of possible things. My friend has everything, literally EVERYTHING secure on his site. the battle's 7000+ lines long. Even macros are unusable.

I'm not a PHP-guru, but can someone maybe explain how that are security leaks?

I thought

<br>

was just old HTML and

<br/>

was XHTML

Link to comment
https://forums.phpfreaks.com/topic/81576-secure-php-coding/#findComment-414985
Share on other sites

ok, already thought so.

Another small question.

In one of the links posted above, it states that I should always use

error_reporting(E_ALL);

I assume that while developping.

Would it help if I disable error reporting when running my site online (if that's possible), or report as few errors as possible?

Link to comment
https://forums.phpfreaks.com/topic/81576-secure-php-coding/#findComment-414995
Share on other sites

Yes report errors during development but when the site is actually in use turn off error reporting. A good way to display user-friendly errors is using the try/catch block.

 

ex:

<?php
try{
$number = 1;
if($number != 2){
throw new Exception("Not the right number");
}else{
echo $number;
}
}catch(Exception $e){
echo $e->getMessage();
}
?>

Link to comment
https://forums.phpfreaks.com/topic/81576-secure-php-coding/#findComment-415067
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.