Technique, Technology, Design & Development
Secure PHP programming
Jul 23rd
This entry covers how to secure your web application when you write it in PHP.
I assume you know the basics of PHP programming. I have been using these security methods for many years, because you cannot afford a security hole in a large application that holds customer data, movies, audio and the like.
Let's start with simple security: passing a value to your PHP file using the GET method. We all know that when we use the GET method anyone can see the values in the URL, so even someone with basic HTML knowledge can pass unwanted scripts.
The first part of the solution is to remove HTML tags from values that arrive through the GET method:
strip_tags( $_GET['passing_value'] );
- "Do not pass values that go to the database using the GET method"
This removes HTML tags from the value passed through GET.
Checking the referer address is another check you can use. Look at $_SERVER['HTTP_REFERER'] before processing the data from your form. By checking 'HTTP_REFERER', you accept data only from a page within your own domain, or from a specific file. This helps prevent unwanted spamming.
Check sessions if necessary. If you use sessions in your system, you can use your session ID to check incoming form values: pass session_id through your form and compare that value with your system's session_id.
Make sure you never put your data in files with extensions like txt, inc, bat, dat and so on, because those files can be opened and read like a text file. It is better to use the .php extension for all of the data files in your system, so nobody can request the files and see their content.
Next, if there is a direct database entry from your form, make sure to use sprintf() on whatever the data input is, to prevent SQL injection.
Never, ever trust your system's users. And it is not the hacker or spammer who breaks into your system who should be blamed; it is you yourself who should be blamed, because you allowed them to break in.
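As an added example (not code from the original post), here is a POST form handler that puts the checks above together: the referer check, the session-id comparison, strip_tags() on the free-text field, and the database insert. Assumed names: the host www.example.com, the hidden field "token", the table "comments", and the PDO connection details; for the insert it uses a PDO prepared statement in place of a plain sprintf(), because sprintf() alone does not escape string values (the %d format is kept for the integer field).

```php
<?php
// Added example, not from the original post. Assumed: host www.example.com,
// hidden form field "token", table "comments", PDO credentials below.
session_start();

// 1. Referer check: only accept submissions that came from a page on our own
//    domain. Requests with no referer (strict browser referrer policies) are
//    rejected here as well; relax this if that is too strict for your users.
$referer = (string) ($_SERVER['HTTP_REFERER'] ?? '');
$host    = parse_url($referer, PHP_URL_HOST);
if ($host !== 'www.example.com') {
    http_response_code(403);
    exit('Form must be submitted from this site.');
}

// 2. Session check: the form carries a hidden "token" field that was filled
//    with the current session id when the form was rendered; compare it with
//    the server-side session id. hash_equals() gives a constant-time compare.
//    (A dedicated random token stored in $_SESSION is the more common variant,
//    since it keeps the session id itself out of the page source.)
$token = (string) ($_POST['token'] ?? '');
if ($token === '' || !hash_equals(session_id(), $token)) {
    http_response_code(403);
    exit('Session mismatch.');
}

// 3. Strip HTML tags from the free-text input, as the post does for GET values.
$comment = strip_tags((string) ($_POST['comment'] ?? ''));

// 4. Integer field: sprintf('%d') coerces anything else to a number.
$postId = sprintf('%d', $_POST['post_id'] ?? 0);

// 5. Database entry: a prepared statement keeps the data separate from the SQL,
//    so quotes or SQL keywords in $comment are stored literally, never executed.
$pdo  = new PDO('mysql:host=localhost;dbname=app', 'app_user', 'app_password');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $pdo->prepare('INSERT INTO comments (post_id, body) VALUES (:post_id, :body)');
$stmt->execute([':post_id' => (int) $postId, ':body' => $comment]);

echo 'Comment saved.';
```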
