PHP security

PHP security tips

1. Avoid the use of global variables; in particular, make sure the register_globals option is disabled.

2. Use only variables that are explicitly read from GET or POST requests, rather than relying on automatically registered globals.

3. Store passwords in an encrypted format.

4. Avoid storing credit card numbers and other sensitive information; delegate this to a trusted third-party payment gateway.

5. Validate all input on the server side; never trust user input.

Example: if the expected value is an integer, use the intval() function.
<?php
// Cast the request parameter to an integer so only a number can reach the query
$post_id = intval($_GET['post_id']);
mysql_query("SELECT * FROM post WHERE id = $post_id");

6. Avoid using user input directly in a query; escape string values with mysql_real_escape_string().
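The following is an added example, not code from the original page, showing tips 5 and 6 together: the request value is validated on the server and then passed to the query as a bound parameter instead of being concatenated into the SQL string. It goes slightly beyond the page by using PDO prepared statements (the mysql_* extension named above was removed in PHP 7) and an in-memory SQLite database so it runs offline; the table contents, the findPost() name and the sample request values are all constructed for the example.

```php
<?php
// Added example (not from the original page): server-side validation plus a
// prepared statement, so the request value can only ever be treated as data.

// Constructed sample data standing in for the "post" table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE post (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO post (id, title) VALUES (1, 'first'), (2, 'second')");

/**
 * Look up one post by id. $raw is whatever arrived in $_GET['post_id'];
 * it is validated as a plain integer and then bound to the query, never
 * interpolated into the SQL text. (findPost is this example's own name.)
 */
function findPost(PDO $pdo, string $raw): ?array
{
    // Server-side validation: reject anything that is not a decimal integer.
    // Note intval('2 OR 1=1') would silently return 2; filter_var rejects it.
    if (filter_var($raw, FILTER_VALIDATE_INT) === false) {
        return null;
    }
    $postId = intval($raw);

    $stmt = $pdo->prepare('SELECT id, title FROM post WHERE id = :id');
    $stmt->bindValue(':id', $postId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values (not real traffic): one valid id, one crafted
// non-integer string, one plain garbage value.
foreach (['2', '2 OR 1=1', 'abc'] as $raw) {
    $row = findPost($pdo, $raw);
    printf("%s => %s\n", var_export($raw, true), $row ? json_encode($row) : 'rejected');
}
```

The point of the filter_var() check is that intval() is lenient: it reads the leading digits and discards the rest, so a value such as "2 OR 1=1" would pass as 2 and the request would quietly succeed. Rejecting anything that is not strictly an integer, and then binding the value with PDO::PARAM_INT, gives two independent layers: validation and parameterisation.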

7. Always run a current, patched version of PHP.

How can we encrypt the username and password using PHP?

User names and passwords in PHP can be encrypted using the md5() function.
The md5() function calculates the MD5 hash of a string. It is basically used for encryption. It is also used for digital signature applications, where a large file must be "compressed" in a secure manner.


The crypt() function can also be used to encrypt a string. It uses the MD5, DES or Blowfish algorithms for encryption.

crypt(str, salt)

The salt is an optional parameter used to increase the number of characters encoded, to make the encoding more secure.
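The following is an added example, not code from the original page, that runs the two functions named above, md5() and crypt(), side by side with password_hash(), which is what current PHP versions recommend for passwords. The password, the 22-character Blowfish salt body and the verifyLogin() helper are constructed for this example.

```php
<?php
// Added example (not from the original page): three ways of deriving a stored
// value from a password. The password and salt below are constructed samples.

$password = 'correct horse battery staple'; // constructed sample, not a real credential

// md5(): a fixed 32-hex-character digest. It is one-way (a hash, not reversible
// encryption), unsalted and very fast, so identical passwords give identical
// output and a leaked digest can be attacked by guessing at high speed.
$md5Digest = md5($password);

// crypt() with a Blowfish ($2y$) salt: the cost factor (10) makes each guess
// slow. The 22-character salt body is a constructed placeholder; in practice it
// must be generated randomly for every password.
$salt = '$2y$10$' . 'abcdefghijklmnopqrstuv';
$cryptHash = crypt($password, $salt);

// password_hash() generates the random salt itself and embeds it, together with
// the algorithm and cost, in the returned string.
$modernHash = password_hash($password, PASSWORD_BCRYPT);

/**
 * Check a login attempt against a stored hash. password_verify() understands
 * both crypt() and password_hash() output and compares in constant time.
 * (verifyLogin is this example's own name.)
 */
function verifyLogin(string $stored, string $attempt): bool
{
    return password_verify($attempt, $stored);
}

printf("md5:           %s\n", $md5Digest);
printf("crypt:         %s\n", $cryptHash);
printf("password_hash: %s\n", $modernHash);
var_dump(verifyLogin($modernHash, $password));
var_dump(verifyLogin($modernHash, 'wrong password'));
var_dump(verifyLogin($cryptHash, $password));
```

Running it shows the practical difference: the md5() value is the same every time and carries no salt, the crypt() value is only as good as the salt you supply, and password_hash() handles salt generation and cost for you. For new code, password_hash() and password_verify() are the functions to reach for; md5() output should not be used to store passwords.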

Explain changing file permissions and ownership using PHP's chmod() function.

chmod() is used to change the permissions on a file.

chmod(file, mode)

Mode here specifies the permissions as follows:

- The first number is always zero
- The second number specifies permissions for the owner
- The third number specifies permissions for the owner's user group
- The fourth number specifies permissions for everybody else

Possible values (to set multiple permissions, add up the following numbers):

- 1 = execute permissions
- 2 = write permissions
- 4 = read permissions

// everything for owner, read for owner's group
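The following is an added example, not code from the original page, that builds a chmod() mode from the read/write/execute values in the list above, applies it to a throwaway temporary file, and reads the permissions back with fileperms() to confirm the change. The constant names, buildMode() and describeMode() are this example's own.

```php
<?php
// Added example (not from the original page): composing and applying a chmod()
// mode from the per-class permission values listed on the page.

const PERM_EXECUTE = 1;
const PERM_WRITE   = 2;
const PERM_READ    = 4;

/**
 * Combine the per-class sums into the four-digit octal mode that chmod()
 * expects: a leading 0, then owner, owner's group, everybody else.
 */
function buildMode(int $owner, int $group, int $other): int
{
    foreach ([$owner, $group, $other] as $digit) {
        if ($digit < 0 || $digit > 7) {
            throw new InvalidArgumentException('each permission digit must be 0..7');
        }
    }
    return ($owner << 6) | ($group << 3) | $other;
}

/** Render a mode as the familiar rwx string, e.g. 0740 => "rwxr-----". */
function describeMode(int $mode): string
{
    $out = '';
    foreach ([6, 3, 0] as $shift) {
        $bits = ($mode >> $shift) & 7;
        $out .= ($bits & PERM_READ)    ? 'r' : '-';
        $out .= ($bits & PERM_WRITE)   ? 'w' : '-';
        $out .= ($bits & PERM_EXECUTE) ? 'x' : '-';
    }
    return $out;
}

$file = tempnam(sys_get_temp_dir(), 'perm'); // throwaway file, not a real path

// everything for owner, read for owner's group, nothing for everybody else
$mode = buildMode(PERM_READ | PERM_WRITE | PERM_EXECUTE, PERM_READ, 0);
if (!chmod($file, $mode)) {
    throw new RuntimeException("chmod failed on $file");
}
clearstatcache(); // fileperms() may otherwise return the cached pre-chmod value
printf("requested %04o (%s), file now %04o\n",
    $mode, describeMode($mode), fileperms($file) & 0777);
unlink($file);
```

Two things worth noting when you run it: the mode is an octal number (0740), so always write the leading 0 or the value is silently misread as decimal, and chmod() only changes permissions; changing the owner or group of a file is done with chown() and chgrp(), which normally require the script to run with sufficient privileges.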