Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

PHPro.org:
PHP Security
Sep 18, 2008 @ 13:04:31

Kevin Waterson has posted a new article to his site today - an introductory look at security in your PHP applications.

One of the great benefits of PHP is its ease of access to new-comers. Its entry level is minimal and so attracts those looking for simple scripts to their sites. It is this same ease of access that becomes a problem as the new-comers begin to deal with input from users. Failure to adequately validate and sanitize data is the leading cause of security problems when dealing with PHP.

He looks at a few different areas that developers need to focus on (and be sure to filter on) like PHP_SELF, protection from email header injections, file inclusion and the use of error reporting to make handling user-generated errors "more correct".

tagged: security tutorial phpself email header include error reporting

Link: