Best PHP.ini settings to improve security

php security phpinfo
nish picture nish · Jul 30, 2013 · Viewed 26.6k times · Source

What core php.ini file settings we need to pay much attention in terms of improving security?

Answer

Christos Papoulas picture Christos Papoulas · Jul 30, 2013

You can begin with:

http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html

it has a lot of practices to start dealing with security. This link provides several issues to start with such as:

  1. XSS
  2. SQL injection
  3. File uploads
  4. Including local and remote files
  5. eval()
  6. Cross-site request forgery - CSRF

Related questions

How can I prevent SQL injection in PHP?

If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST['user_input']; mysql_query("INSERT INTO `table` (`column`) VALUES ('$unsafe_variable')"); That's …

Read More
How can I sanitize user input with PHP?

Is there a catchall function somewhere that works well for sanitizing user input for SQL injection and XSS attacks, while still allowing certain types of HTML tags?

Read More
How do you Encrypt and Decrypt a PHP String?

What I mean is: Original String + Salt or Key --> Encrypted String Encrypted String + Salt or Key --> Decrypted (Original String) Maybe something like: "hello world!" + "ABCD1234" --> Encrypt --> "2a2ffa8f13220befbe30819047e23b2…

Read More