Chapter 4. Programming Securely in PHP

In This Chapter

  • Handling errors safely

  • Sanitizing variables

  • Uploading files without compromising the filesystem

Adopting just a few good programming practices can eliminate the vast majority of application security holes. Sure, some highly educated, sophisticated individuals devote themselves to breaking into applications, but your application is much more likely to be compromised by high school kids with nothing better to do. Why? Because almost all security holes in PHP Web applications are based on a few sloppy programming practices — with the majority of those failings occurring in the Big Three areas of error handling, variable sanitization, and file uploading.

In this chapter, we cover the Big Three and tell you the best methods to keep your PHP applications out of harm's way.

Get PHP & MySQL® Web Development All-in-One Desk Reference for Dummies® now with the O’Reilly learning platform.