Important Tips to Write PHP Code Defensively
Jul 27, 2015
SynapseIndia CEO Shamit Khemka talks about how the phenomenal growth of PHP applications has also led to a mushrooming of malicious activity. It thus becomes imperative that you write secure PHP code to protect your website. SynapseIndia researched various PHP patterns for this purpose.
The three aspects of PHP most easily exposed to anyone are XSS (Cross-Site Scripting), global variables and SQL code.
To counter this, make a habit of including filters whenever you request arbitrary information. Use the die() function to exit from the task whenever the filters detect an unqualified input. The details that are typed are first filtered and then sent to the website’s database. The information is filtered again before it is output.
The PHP feature “Register Globals” leaves a palpable gap in programming safety. Once this feature is activated in the PHP configuration file, even a single variable that is left uninitialized can lead to a serious security flaw.
SQL code is vulnerable to malicious users, just as with XSS. To write secure SQL code, added Shamit Khemka, you need to remember a couple of things. First, avoid using dynamic code; second, if dynamic code is inevitable, do not allow direct input into the tables.
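The filter-on-input, die(), filter-on-output and non-dynamic SQL advice above, combined into one added PHP example (not code from the original article). The field names, the table and the in-memory SQLite database reached through PDO are assumptions chosen so the script runs stand-alone, and the request data is constructed.

```php
<?php
declare(strict_types=1);

// Input filter: id must be a positive integer, comment a 1-200 byte string.
function filter_request(array $raw): ?array
{
    $id = filter_var($raw['id'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $comment = $raw['comment'] ?? null;
    if ($id === false || !is_string($comment)) {
        return null; // wrong type, e.g. id[]=1 or comment[]=x
    }
    $comment = trim($comment);
    if ($comment === '' || strlen($comment) > 200) {
        return null; // unqualified input
    }
    return ['id' => $id, 'comment' => $comment];
}

// Output filter: encode for an HTML context just before printing.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request data standing in for $_POST.
$request = ['id' => '7', 'comment' => "<b>hi</b> from O'Reilly"];

$clean = filter_request($request);
if ($clean === null) {
    http_response_code(400);
    die('Invalid input'); // stop before anything reaches the database
}

// Throwaway in-memory database (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (user_id INTEGER, body TEXT)');

// Static SQL text; user values travel only as bound parameters.
$ins = $db->prepare('INSERT INTO comments (user_id, body) VALUES (:id, :body)');
$ins->execute([':id' => $clean['id'], ':body' => $clean['comment']]);

$sel = $db->prepare('SELECT body FROM comments WHERE user_id = :id');
$sel->execute([':id' => $clean['id']]);
foreach ($sel->fetchAll(PDO::FETCH_COLUMN) as $body) {
    echo '<p>', html($body), "</p>\n"; // markup and quotes arrive as entities
}
```

The quote in the sample comment is stored verbatim because it is bound as a parameter rather than concatenated into the SQL string, and the tags only become harmless text at the point of output.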
SynapseIndia (CEO: Shamit Khemka)