Hello!

I am learning PHP again and I always hear there are so many security risks and things you have to make sure you cover. How long does it take to write secure code and will PHP code ever be bulletproof? When you guys write PHP, do you feel like it is very secure and how long did it take to feel that way? Right now whatever I write feels like it probably is very weak. When you talk about PHP security, is the main issue about hackers getting into the database and people crashing your servers (by spamming searches with bots and loops)? Are there any other issues?

Does ASP have security risks? I don't hear that much about it, even though they serve for the same purpose?

Are these good links to learn about PHP security? Any others?
http://php.net/manual/en/security.php
http://phpsec.org/projects/guide/1.html

PHP itself is reasonably secure so as long as you write your code properly you shouldn't have any problems. The security issues all relate to slack coding and so are equally applicable to ANY language and the only reason that PHP gets mentioned is that more people who don't know how to code properly use PHP than use the alternatives.

The thing I have noticed that causes most security issues is that people forget to validate the inputs before they start processing them. Even where that doesn't produce security issues it still allows junk values to be entered and processed. If all user inputs are properly validated and all outputs are appropriately escaped when necessary then the risk of any security issues is reduced to a minimum without having started on adding any code specifically for security.

Thank you!

for validating the User Input, check out PHP’s Filter Functions (http://php.net/filter).

Take a look at this http://ha.ckers.org/xss.html