views: 228
answers: 8
I have implemented a project on PHP/MySQL; now I need to secure my project. Please let me know the security issues and how to tackle them in PHP.

+2  A: 

Go through this link: http://phpsec.org/projects/guide/

Deepali
+4  A: 

See:

PHP Security Guide
Another Good Security Guide

Sarfraz
+3  A: 

I have implemented a project on PHP/MySQL; now I need to secure my project

Here is your problem. Security should not be an afterthought.

But, to help in your task, check the OWASP Top 5 for PHP; the rest of the site should also be read. I put together a list of things which we see often and which need to be checked here as well: http://stackoverflow.com/questions/2951917/historical-security-flaws-of-popular-php-cmss/2951991#2951991 (CSRF, password storage and parameterized queries are some of my pet peeves).

Arkh
A: 

Sarfraz's links are a good place to start. Pay special attention to SQL Injection. This is the most common one I see in PHP applications.

Abe Miessler
A: 

One tip from me is to use mysqli with prepared statements. I think it's a good practice.

hellozimi
+2  A: 

SO user bobince's only question to date deals with security-conscious PHP and is worth a read if you want to get deeply into the issue (which is the only real way of building secure software.)

Pekka
A: 

Step 1) Use *mysql_real_escape_string()* on any incoming user input

Step 2) Read this: http://phpsec.org/projects/guide/

TheLQ
"Use *mysql_real_escape_string()* on any incoming user input" is an incredibly ignorant sentence. It is an SQL-related function, not an input-related one. Not user input only, but any input. It is not a silver bullet automatically protecting your query, but just one rule from the whole set, useless when used alone.
Col. Shrapnel
What? OP asked about securing PHP/MYSQL. So why would you not use an SQL function to secure SQL input?!
TheLQ
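The point Col. Shrapnel is making (escaping is an SQL-quoting rule, not an input rule, and does nothing for a value that is not inside quotes) beside the mysqli prepared statements hellozimi recommends, as an added example that is not code from any answer on this page. The connection values, the `users` table and its columns are assumptions; mysqli's `real_escape_string()` stands in for the `mysql_real_escape_string()` named in the answer.

```php
<?php
// Added example, not code from any answer on this page. Assumes a MySQL
// database reachable with the placeholder credentials below and a table
// users(id INT, username VARCHAR(64)); connection values are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors
$db = new mysqli('localhost', 'app_user', 'CHANGE_ME', 'app_db');
$db->set_charset('utf8mb4'); // escaping is only correct for the declared charset

// VULNERABLE: escaping applied to a value that is not inside SQL quotes.
// real_escape_string() only neutralises quote and backslash characters, so
// for an unquoted numeric position the escaped input is spliced into the
// statement unchanged and the caller controls the WHERE clause.
function findUserUnsafe(mysqli $db, string $id): ?array
{
    $escaped = $db->real_escape_string($id);
    $sql     = "SELECT id, username FROM users WHERE id = $escaped";
    $row     = $db->query($sql)->fetch_assoc();
    return $row ?: null;
}

// HARDENED: a prepared statement sends the SQL text and the value separately,
// so the value can never change the structure of the query, whatever its
// content. The int type hint also rejects non-numeric ids before the DB call.
function findUser(mysqli $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd
    $stmt->close();
    return $row ?: null;
}

// Prepared statements also cover string values; LIKE wildcards are data,
// not structure, so they must still be escaped separately if the user is
// not meant to supply them.
function searchUsers(mysqli $db, string $prefix): array
{
    $pattern = addcslashes($prefix, '%_\\') . '%';
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username LIKE ?');
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Usage (ids from $_GET should first pass filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT))
var_dump(findUser($db, 1));
var_dump(searchUsers($db, 'ad'));
```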
A: 

Easy total security in 2 steps:

  1. Disconnect any network cables from the server hosting the application.
  2. Disconnect any power cables from the server hosting the application.
Nathan
Will you do this for your project?
JKS