Oh C asked:
I understand every PHP/MySQL script in the world is not 100% safe, I know how to code and stuff, but I just need to know what are some of the things I should do to make the script as secure as possible?
Here's what I have so far:
- clean data passed through forms to prevent code injections
- crypt or md5 usernames and password
What else should I do to make my script secure?


3 Comments to 'What do i need to do to make a php/mysql script secure / safe?'
March 29, 2009
You may contact a script developer live at website like ,etc .
March 30, 2009
Run the script over an encrypted connection (https). You may want to have the script complain if it’s not.
April 1, 2009
Stay away from Globals/SuperGlobals as much as you can.
Like you said, DO NOT trust any information passed from a user.
Do not allow direct input into a database. Always pass to a function/class to clean.
Try not to allow file uploads, and if you do, before uploading check EVERYTHING. The file, the path it is going to, who it is from, the permissions on the directories etc.
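As an added example (not part of the original comments), here is one way to route user input through a function before it reaches the database, using PDO bound parameters. The helper names `open_db`, `register_user` and `check_login`, the `users` table, and the in-memory SQLite database standing in for MySQL are assumptions of this example, as is the choice of PHP's `password_hash()` for the stored password.

```php
<?php
declare(strict_types=1);

// Assumption: an in-memory SQLite database stands in for MySQL so the
// example runs offline; with MySQL only the DSN passed to PDO changes.
function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
    return $pdo;
}

// Hypothetical helper: validates the username against an allow-list
// pattern, then stores it through a bound parameter so the input is
// never concatenated into the SQL text.
function register_user(PDO $pdo, string $name, string $password): bool
{
    if (!preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $name)) {
        return false; // reject bad input instead of trying to repair it
    }
    $stmt = $pdo->prepare('INSERT INTO users (name, pw_hash) VALUES (:name, :hash)');
    return $stmt->execute([
        ':name' => $name,
        ':hash' => password_hash($password, PASSWORD_DEFAULT), // salted, slow hash
    ]);
}

// Hypothetical helper: looks the user up with a bound parameter and
// compares the password against the stored hash.
function check_login(PDO $pdo, string $name, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn(); // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample input, including strings shaped like SQL injection.
$pdo = open_db();
var_dump(register_user($pdo, 'alice', 'correct horse'));
var_dump(check_login($pdo, 'alice', 'correct horse'));
var_dump(check_login($pdo, "alice' OR '1'='1", 'x'));
var_dump(register_user($pdo, "bob'); DROP TABLE users;--", 'pw'));
```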