Before you start
In this tutorial, you'll learn how to add security to your PHP Web applications. It is assumed that you've been coding PHP Web applications for at least a year, so it won't cover the basics of the language (either conventions or syntax). The goal is to make you more aware of what you should be doing to secure the Web applications you're building.
This tutorial teaches you how to guard against the most common security threats: SQL injections, the manipulation of the
POST variables, buffer overflow attacks, cross-site scripting attacks, data manipulation inside the browser, and remote form posting.
This tutorial is written for PHP developers with at least one year of programming under their belts. You should know the syntax and the conventions of PHP coding; these won't be explained here. Some developers with experience in other languages -- such as Ruby, Python, and Perl -- can benefit from this tutorial because many of the precepts discussed here also relate to other languages and environments.
You need an environment running PHP V4 or V5 and MySQL. You can use Linux®, OS X, or Microsoft® Windows®. If you're on Windows, download the WAMPServer binaries to install Apache, MySQL, and PHP on your machine in one package.