Posted by Karl Nierler on 02/03/07 16:38

Hi everybody,

I am currently developing my first commercial (customer specific) PHP
application. This application is in fact nothing else than a content
management system with internal accounting capabilities for a small
business, based on MySQL. So in fact there is nothing extraordinary
about it.

My customers are worried abour security in PHP. I have written many
small PHP applications before where security wasn't a major concern. I
have always checked user input and posted variables and used
mysql_real_escape_string() or intval() to prevent SQL-injection and
htmlentities() to prevent CSS.

Users will be able to log in to the system, book events and so on.
This will be done by session variables.

Are there any well known and common mistakes, things that usually are
not thought about? Any security related things that I should
definitely not do? I know there is good literature out there about
this topic and I have consulted some PHP books and websites. But no
book can substitute an expert's experience.

Any piece of advice is gladly appreciated!
Thanks!
Karl

• Next in forum: Re: Weird Permissions Problem With Includes
• Prev in forum: Re: I have sub-categories but want to display full category path
• Thread view: Looking for PHP security tips

[Reply to this message]