• home
  • Email: trainings@synapseindia.careers



Important Tips to Write PHP Code Defensively

Jul 27, 2015

SynapseIndia CEO Shamit Khemka talks about the phenomenal growth of PHP applications has also led to a mushrooming of increased quantum of malicious activity. It thus becomes imperative that you write secure PHP code to protect your website. SynapseIndia researched cases of various PHP patterns for the same.

The three most vulnerable aspects of PHP that can become easily accessible to anyone are XSS (Cross Site Scripting), Global Variables and SQL code.


The growth of XSS has followed a steady growth in the use of AJAX. Cross Site Scripting, for instance is used when you create a Comment section in your website. If the commentator has to log in to comment, his login information gets stored in a cookie. As the JavaScript code is generally run whenever a person writes the comment, there is a pretty good chance of the contents of the cookie being accessible to a remote server handled by a malicious user.

To counter this, make a habit of including filters whenever you request for random information. Use the die() function to exit from the task whenever the filters detect an unqualified input. The details that are typed are first filtered and then sent to the website’s database. Again the information is filtered before it is output.

Global Variables

The PHP feature “Register Globals” leads to a palpable lacuna in programming safety. Once this feature is activated in PHP configuration file, even a single variable that is to uninitialized, can lead to a great security flaw.

SQL Code

The SQL code is vulnerable to malicious users just like XSS feature. To write a secure SQL code added by Shamit Khemka you need to remember a couple of things. First avoid using dynamic code and second, if dynamic code in inevitable then do not have direct input into the tables.

Latest SynapseIndia Recruitment plan for PHP web developers in various positions in SynapseIndia.

SynapseIndia(CEO: Shamit Khemka)