How secure is PHP?

php security include suhosin
slimbo picture slimbo · Oct 6, 2009 · Viewed 17.1k times · Source

I am somewhat new to PHP coding and I am aware that malicious users can hack a website if you have not sanitized your PHP code. What I am wondering is whether they need a data entry box (like for file submissions, or user-name/password entry fields)?.

Do commands like "include (header.php)" also need some sort of security or are they innately safe?

Answer

Steven picture Steven · Oct 6, 2009

Just like any other language, PHP code is as secure as the programmer writes it.

Also like any other language, individual (and even common) security risks are too numerous and detailed to include in a StackOverflow answer.

Find a book which covers Secure PHP coding.

Related questions

How can I prevent SQL injection in PHP?

If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST['user_input']; mysql_query("INSERT INTO `table` (`column`) VALUES ('$unsafe_variable')"); That's …

Read More
How can I sanitize user input with PHP?

Is there a catchall function somewhere that works well for sanitizing user input for SQL injection and XSS attacks, while still allowing certain types of HTML tags?

Read More
How do you Encrypt and Decrypt a PHP String?

What I mean is: Original String + Salt or Key --> Encrypted String Encrypted String + Salt or Key --> Decrypted (Original String) Maybe something like: "hello world!" + "ABCD1234" --> Encrypt --> "2a2ffa8f13220befbe30819047e23b2…

Read More