Security is a very important aspect of programming. In PHP, there are few useful functions which is very handy for preventing your website from various attacks like SQL Injection Attack , XSS attack etc.Let’s check few useful functions available in PHP to tighten the security in your project. But note that this is not a complete list, it just list of functions which I found useful for using in your project.
1) mysql_real_escape_string() - This function is very useful for preventing from SQL Injection Attack in PHP . This function adds backslashes to the special characters like quote , double quote , backslashes to make sure that the user supplied input are sanitized before using it to query. But, make sure that you are connected to the database to use this function.
2) addslashes() – This function works similar as mysql_real_escape_string(). But make sure that you don’t use this function when “magic_quotes_gpc” is “on” in php.ini. When “magic_quotes_gpc” is on in php.ini then single quote(‘) and double quotes (“) are escaped with trailing backslashes in GET, POST and COOKIE variables. You can check it using the function “get_magic_quotes_gpc()” function available in PHP.
3) htmlentities() – This function is very useful for to sanitize the user inputted data. This function converts the special characters to their html entities. Such as, when the user enters the characters like “<” then it will be converted into it’s HTML entities < so that preventing from XSS and SQL injection attack.
4) strip_tags() – This function removes all the HTML, JavaScript and php tag from the string. But you can also allow particular tags to be entered by user using the second parameter of this function. For example,
echo strip_tags(“<script>alert(‘test’);</script>”);
will output
alert(‘test’);
5) md5() – Some developers store plain password in the database which is not good for security point of view. This function generates md5 hash of 32 characters of the supplied string. The hash generated from md5() is not reversible i.e can’t be converted to the original string.
6) sha1() – This function is similar to md5 but it uses different algorithm and generates 40 characters hash of a string compared to 32 characters by md5().
7) intval() – Please don’t laugh. I know this is not a security function, it is function which gets the integer value from the variable. But you can use this function to secure your php coding. Well, most the values supplied in GET method in URL are the id from the database and if you’re sure that the supplied value must be integer then you can use this function to secure your code.
$sql=”SELECT * FROM product WHERE id=”.intval($_GET['id']);
As, you can see above, if you’re sure that the input value is integer you can use intval() as a secrity function as well.
|
This page was last modified on 09 Sep 2010 at 23:59:40. |
Gautam Kumar EDP Manager  http://www.w3schools.in |
 |
» CodeIgniter A recommendation for PHP Programmer
» PHP Framworks Why when and which
» Solving Floating point number precision lost problem in PHP
» Handling array of HTML Form Elements in JavaScript and PHP
» How to filter user submitted data easily in PHP
» Prevent form post request from another domain in PHP
» Flaw in and or logical operator php
» Default arguments functions php
» Submit Form without Refreshing Page with Jquery
» MySQL Performance Tips
» Free ajax chat applications in PHP
» Return More Than One Value From a Function in PHP
» PHP Optimization Tips
» PHP Error Handling
» Useful PHP Classes and Libraries
» Useful Tools For PHP Developers
» PHP Frameworks
» Web based HTML Editors
» 301 redirect in PHP and .htaccess
» Hiding PHP file extension
» Rredirect Browser HTTPS SSL PHP
» Tighten php security functions
» PHP Framworks