Secure php coding?


xiao

I can help a bit.

For a lot of things, use double quotes instead of single. Well, it's hard to explain when to use double or single, read up on it.

Also, use <br /> instead of <br>

Use <?PHP instead of <? or <?php

And check for a lot of possible things. My friend has everything, literally EVERYTHING secure on his site. The battle's 7000+ lines long. Even macros are unusable.

Link to comment
Share on other sites

What? It's not more security safe using <?php, <?PHP or <?; they all do the same thing. As far as <br> and <br />, they do the exact same, except <br> is for HTML while <br /> is for XHTML.

Link to comment
Share on other sites

I'm not a PHP guru, but can someone maybe explain how those are security leaks?

I thought <br> was just old HTML and <br/> was XHTML.

Link to comment
Share on other sites

OK, already thought so.

Another small question.

In one of the links posted above, it states that I should always use

error_reporting(E_ALL);

I assume that's while developing.

Would it help if I disable error reporting when running my site online (if that's possible), or report as few errors as possible?

Link to comment
Share on other sites

Yes, report errors during development, but when the site is actually in use, turn off error reporting. A good way to display user-friendly errors is using the try/catch block.

ex:

<?php
try {
    $number = 1;
    if ($number != 2) {
        // Signal the problem with a message that is safe to show the user
        throw new Exception("Not the right number");
    } else {
        echo $number;
    }
} catch (Exception $e) {
    // Show the friendly message instead of a raw PHP error
    echo $e->getMessage();
}
?>

Link to comment
Share on other sites
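
Added example, not part of the original thread or any poster's code: one way to keep error_reporting(E_ALL) in every environment while sending the detail to the server log in production and showing visitors only a generic message. The APP_ENV variable name, the reference-id format and the sample exception are assumptions made for the illustration.

```php
<?php
// Added example; APP_ENV and the reference-id format are assumptions.
declare(strict_types=1);

function configure_errors(string $env): void
{
    // Report everything in every environment; only the destination differs.
    error_reporting(E_ALL);
    $isDev = ($env === 'development');
    ini_set('display_errors', $isDev ? '1' : '0'); // never render errors to visitors in production
    ini_set('log_errors', '1');                    // always keep a server-side record

    // Turn warnings and notices into exceptions so one handler deals with everything.
    set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
        if (!(error_reporting() & $severity)) {
            return false; // respect the @ operator and the current reporting mask
        }
        throw new ErrorException($message, 0, $severity, $file, $line);
    });

    // Last-resort handler for anything no try/catch picked up.
    set_exception_handler(function (Throwable $e) use ($isDev): void {
        $id = bin2hex(random_bytes(4)); // short reference tying the page to the log entry
        error_log(sprintf('[%s] %s: %s in %s:%d',
            $id, get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()));
        if (!headers_sent()) {
            http_response_code(500);
        }
        if ($isDev) {
            // Full detail on screen only while developing, HTML-escaped.
            echo '<pre>' . htmlspecialchars((string) $e, ENT_QUOTES, 'UTF-8') . '</pre>';
        } else {
            // Production: nothing about paths, queries or stack frames reaches the browser.
            echo 'Something went wrong. Reference: ' . $id;
        }
    });
}

configure_errors(getenv('APP_ENV') ?: 'production'); // default to the safe setting

// Constructed sample failure: the message contains a path a visitor should not see.
throw new RuntimeException('Cannot open /var/www/app/config/db.ini');
```

With APP_ENV unset, the browser receives only the generic line and reference, while the full message and file location go to the PHP error log.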
