Old 09-27-2012, 10:19 AM   PM User | #1
Clydebrown
Guideline on PHP web application Security

When you are developing your web application, security should be the main concern during the development process. There are several factors you should consider to protect your web application from possible misuse. This post will enlighten us on the basics of PHP security. There are several issues that web developers should be aware of, which are given below:

• Input Filtering: Filtering all data from external sources.
• Output Filtering: Filtering all data that results from the application.
• Database Queries should be error free.
• Hiding the display Errors.
Old 09-27-2012, 10:57 AM   PM User | #2
tangoforce
Quote:
Originally Posted by Clydebrown View Post
• Hiding the display Errors.


In a well-written app there shouldn't be any errors, let alone any need to hide them. Instead you should be logging errors and handling them transparently so that the end user's use of the site isn't disturbed.

FYI I'm a bit puzzled by your post. It comes across as a cross between a book / tutorial, yet you've not really actually provided much more than an opening paragraph, which is a bit odd for your first post. I thought it was spam, but when I quoted your text there were no hidden image or URL tags like most of the spam bots.
__________________
Please wrap your code in [php] tags. It is a sticky topic and it HELPS us to HELP YOU!
TIP: Coding styles and $end errors :::::::::: TIP: Warning: Cannot modify header information - headers already sent :::::::::: TIP: Quotes / Parse error: syntax error, unexpected T_..
PHP Code:
//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value. 
Explanation: The IE if(isset($_POST['submit'])) bug explained.
Old 09-27-2012, 11:57 PM   PM User | #3
TylerB
Yeah this isn't much of a guideline at all... What exactly did you just enlighten us on?
Old 09-28-2012, 03:38 AM   PM User | #4
Inigoesdr
Quote:
Originally Posted by tangoforce View Post
In a well-written app there shouldn't be any errors, let alone any need to hide them. Instead you should be logging errors and handling them transparently so that the end user's use of the site isn't disturbed.
Disabling display_errors in a production environment is best practice. Logging and handling errors is good, but showing errors to the user is sure to disturb them the most.
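
The approach discussed in posts #2 and #4 (keep display_errors off in production, log and handle errors instead), shown as an added example that is not part of any post in this thread. The APP_ENV variable and the log file path are assumptions made for illustration.

```php
<?php
// Added example: production error handling bootstrap (names and paths are hypothetical).
declare(strict_types=1);

// Assumption: an APP_ENV environment variable separates production from development.
// Defaulting to 'production' means a missing variable fails closed (no errors shown).
$isProduction = (getenv('APP_ENV') ?: 'production') === 'production';

error_reporting(E_ALL);                                // report every error class...
ini_set('display_errors', $isProduction ? '0' : '1');  // ...but never render details to visitors in production
ini_set('log_errors', '1');                            // fatal errors the handlers below cannot catch still get logged
ini_set('error_log', '/var/log/php/app-error.log');    // hypothetical path; keep it outside the web root

// Promote warnings and notices to exceptions so a single handler deals with them.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false; // respect the current reporting mask and @-suppression
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Last-resort handler: full detail goes to the log, the visitor gets a generic
// message plus a short reference ID that support staff can search the log for.
set_exception_handler(function (Throwable $e): void {
    $ref = bin2hex(random_bytes(4));
    error_log(sprintf(
        '[%s] %s: %s in %s:%d',
        $ref,
        get_class($e),
        $e->getMessage(),
        $e->getFile(),
        $e->getLine()
    ));
    if (!headers_sent()) {
        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
    }
    // No message text, file paths, SQL or stack trace reaches the browser.
    echo "Something went wrong. Reference: {$ref}\n";
});
```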