djhawthorn
Technical User
Is there any document or tutorial on the best ways to secure PHP scripts and/or code within?
I've found one such document on securing MySQL statements in the PHP manual - à la, using sprintf() to validate input before running the query against the server.
Another hint I've heard is to use define() wherever possible, to lock in values into a constant for things that don't change, rather than assigning the value to a variable.
Are there any other hints?
Also, do I need to worry about people doing some form of HTTP POST from a remote machine into one of my scripts? Or does Apache automatically deny HTTP POSTs originating from remote scripts? If it doesn't, do I need to think about some sort of HTTP POST validation within my scripts?
Any help/hints/links are appreciated.
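An added example (not part of the original post, and not taken from the PHP manual) for the two concerns raised above: sprintf() formats a query string but does not escape string input, and POST data needs server-side validation because any HTTP client can send it. The table, the field name `name` and the helper functions are assumptions; it uses PDO with an in-memory SQLite database (the pdo_sqlite extension) so it runs offline.

```php
<?php
// Added example: constructed table and inputs; in-memory SQLite keeps it offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Treat every request field as untrusted: the web server accepts a POST from
// any client, so the check has to live in the script, not in the HTML form.
function posted_name(array $post): ?string
{
    $name = $post['name'] ?? null;
    // Allow-list: 1 to 32 ASCII letters, digits or underscores.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $name)) {
        return null;
    }
    return $name;
}

// Weak form: sprintf('%s') only substitutes text. A quote character in $name
// ends the SQL string literal, so the rest of the input is parsed as SQL.
function find_with_sprintf(PDO $db, string $name): array
{
    $sql = sprintf("SELECT name FROM users WHERE name = '%s'", $name);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the statement is parsed first and the value is bound
// afterwards as data, so it can never change the structure of the query.
function find_with_prepare(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$hostile = "x' OR '1'='1";            // constructed hostile input
$valid   = posted_name(['name' => 'alice']);

var_dump(find_with_sprintf($db, $hostile));   // input is interpreted as SQL
var_dump(find_with_prepare($db, $hostile));   // input is compared as a plain string
var_dump(posted_name(['name' => $hostile]));  // allow-list check on the POST field
var_dump($valid !== null ? find_with_prepare($db, $valid) : []);
```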