
Locking down your PHP applications

Four security rules you can't violate

Thomas Myer (tom@tripledogs.com), Top Dog, Triple Dog Dare Media
Thomas Myer is the founder and top dog of Triple Dog Dare Media, an Austin, Texas, Web consultancy that specializes in information architecture, Web application development, and XML consulting. He is the author of No Nonsense XML Web Development with PHP, published by SitePoint.

Summary: You know security is important, but the tendency is to put off adding security until the last minute. It's impossible to secure a Web application completely -- so why bother, right? Wrong. You can take some easy steps to make your PHP Web application orders of magnitude more secure.

Date: 23 May 2006
Level: Intermediate
PDF: A4 and Letter (354 KB | 19 pages)

Before you start


In this tutorial, you'll learn how to add security to your PHP Web applications. It is assumed that you've been coding PHP Web applications for at least a year, so it won't cover the basics of the language (either conventions or syntax). The goal is to make you more aware of what you should be doing to secure the Web applications you're building.

Objectives

This tutorial teaches you how to guard against the most common security threats: SQL injections, the manipulation of the GET and POST variables, buffer overflow attacks, cross-site scripting attacks, data manipulation inside the browser, and remote form posting.


Prerequisites

This tutorial is written for PHP developers with at least one year of programming under their belts. You should know the syntax and the conventions of PHP coding; these won't be explained here. Some developers with experience in other languages -- such as Ruby, Python, and Perl -- can benefit from this tutorial because many of the precepts discussed here also relate to other languages and environments.


System requirements

You need an environment running PHP V4 or V5 and MySQL. You can use Linux®, OS X, or Microsoft® Windows®. If you're on Windows, download the WAMPServer binaries to install Apache, MySQL, and PHP on your machine in one package.
