PhpRiot
News Archive
PhpRiot Newsletter
Your Email Address:

More information

Reddit.com: Protecting against attack?

Note: This article was originally published at PHPDeveloper on 19 May 2012.
PHPDeveloper

In this recent post to Reddit.com, the question of application security is asked - the poster wants recommendations on how he should keep his app safe from would-be attackers:

I can code fairly well in PHP these days, but my security isn't so hot. Is there a tutorial or plugin you guys can recommend as to how I should be protecting my php pages/inputs? I want to avoid common attacks like XSS, inputs with NULL or DROP TABLE etc?

Responses on the post include recommendations related to:

  • Using the Chorizo scanner to find common issues in your code
  • Using PDO for database connections (with bound parameters)
  • Not trusting "$_SERVER"
  • Data sanitization

There's also links to a few other resources with more details.