Snipplr

(PHP) File: SecurityImage.php - SecurityImage - PHP Classes - ezerick

Thu, 19 Jun 2008 09:07:06 GMT

(PHP) File: ProcessForm.php - SecurityImage - PHP Classes - ezerick

Thu, 19 Jun 2008 09:04:38 GMT

(PHP) File: exampleForm.php - SecurityImage - PHP Classes - ezerick

Thu, 19 Jun 2008 09:03:17 GMT

(PHP) Secure Undo magic_quotes - luizlopes

Fri, 16 May 2008 10:31:13 GMT

This was taken out of a presentation by eZ systems on PHP Best Practices

(PHP) Encode Email against spammers - iTony

Thu, 20 Mar 2008 11:40:49 GMT

this is not the ultimate secure way, but it's at least not displaying the email link

(PHP) Smart Quoting - AgentPhoenix

Thu, 24 Jan 2008 10:01:56 GMT

(PHP) Anti-SQL Injection Function - llbbl

Sun, 27 May 2007 11:53:02 GMT

(PHP) User input validation and security / general security in PHP and programming in general - pckujawa

Tue, 16 Jan 2007 23:02:38 GMT

I got most of these tips out of a great book published by O'Reilly (my favorite web-design publisher): "Programming PHP, 2nd Ed." by Lerdorf, Tatroe, and McIntyre. Another good book is "Essential PHP Security," also published by O'Reilly.

(PHP) Writing secure - berkes

Wed, 03 Jan 2007 13:53:30 GMT

(A) Better not to create files or folders with user-supplied names. If you do not validate enough, you can have trouble. Instead create files and folders with randomly generated names like fg3754jk3h and store the username and this file or folder name in a table named, say, user_objects. This will ensure that whatever the user may type, the command going to the shell will contain values from a specific set only and no mischief can be done. (B) The same applies to commands executed based on an operation that the user chooses. Better not to allow any part of the user's input to go to the command that you will execute. Instead, keep a fixed set of commands and based on what the user has input, and run those only. For example, (A) Keep a table named, say, user_objects with values like: username|chosen_name |actual_name|file_or_dir --------|--------------|-----------|----------- jdoe |trekphotos |m5fg767h67 |D jdoe |notes.txt |nm4b6jh756 |F tim1997 |_imp_ folder |45jkh64j56 |D and always use the actual_name in the filesystem operations rather than the user supplied names.

(PHP) Random validation (CAPTCHA) image - sorehead

Mon, 09 Oct 2006 11:36:14 GMT

Use this script in your contact form, for you whois query tool or just there where some extra validation is needed. A session will be created inside a dynamic image file (requires GD library). The random value of this image appears inside the generated CAPTCHA image. The user has to enter this value into formfield. This value will be checked while processing the form. Without entering this value a form will not be processed.