In a previous article, I talked about some common security vulnerabilities that can affect your PHP web application. But there are other things besides those ten (okay, seven) attacks to think about when you're developing. And so, this article offers a compendium of miscellaneous things that are security related; things you should do, things you shouldn't do, things that other people might try to do, whatever it takes to make an article long enough for my editor to be satisfied with it.

He talks some about the settings that you might need to tweak in your "php.ini" server-side configuration file, some hints on filtering data (like using filter_input) and what to watch out for with error reporting. He also mentions session fixation and the protection of user data and passwords to keep them out of the hands of would-be attackers.

Filter functions in PHP might not be sexy, but they can improve the stability, security, and even maintainability of your code if you learn how to use them correctly. In this article I'll explain why input validation is important, why using PHPs built-in functions for performing input validation is important, and then throw together some examples (namely using filter_input() and filter_var()), discuss some potential pitfalls, and finish with a nice, juicy call to action.

He talks about why validation is important to protect your application (and users) from malicious things like cross-site scripting. He emphasizes the use of PHP's own filter methods because they are established and, well, included in the language - no additional libraries needed. Example code is included showing how to use them to filter email addresses and check that something is an integer.

You can find out more about these functions on their manual pages: filter_input, filter_var.

This is an update to the Zend Framework Beta Release. The Zend Framework developers have been working very hard to improve the quality every week, and this Beta Refresh release includes their efforts so far. There have been 77 issues fixed since 0.9.2.

Updates in this release also include major changes to several modules - Zend_Controller, Zend_Db, Zend_Filter_Input, Zend_Pdf, and Zend_Service. Check out the Changelog for complete information on the updates.

There's also some great news included:

The next release should be Zend Framework 1.0.0 release candidate 1. The purpose of the 1.0 release is to reach a state of feature and API stability, and future development must enforce backward-compatibility. When we reach the milestone of 1.0.0 RC1, we will create a branch in our source code repository.