Home » » PHP-MySQL application Security

PHP-MySQL application Security

10:33
With these two methods, there’s no longer any need to ever use GET for requests internal to an application.
You may still need it for external requests, to other applications and web sites that aren’t coded to look for their
parameters as POST data, but you can’t do anything about them.
Of course, I also should mention that there’s not much security in POST unless you’re also using SSL
Hash the passwords with Phpass.
Store the hashed passwords in the database, protected to the extent possible.   
Use 2FA.Prevent SQL injection with parameterized queries.   
Prevent XSS by escaping all user-originated output.    
Prevent CSRF with a csrftoken. 
Prevent clickjacking with an  
X-Frame-Optionsheader.
Use POST rather than GET.
Use SSL.

 Submitting Requests with POST

Submitting requests with POST instead of GET makes it just a bit harder
 for an attacker to break in, since JavaScript has to be used and easy tricks like
 coding a request in an image srcattribute won’t work. POST also prevents data like
a csrftoken from accidentally getting e-mailed or posted on a social site.

The only requests that should use GET are those that don’t do anything
 other than to display a page. Indeed, RFC 2612, the official specification for HTTP,
 says “the convention has been established that the GET and HEAD methods
SHOULD NOT have the significance of taking an action other than retrieval.
  It’s not disallowed, just discouraged. But you should act like it’s disallowed.
   
Categories: 
Related Posts:
  • What is difference between mysql_fetch_array(),mysql_fetch_row() and mysql_fetch_object() ? mysql_fetch_array():: fetches a result row as a associated array, numeric arraymysql_fetch_object: Fetaches a result row as object.mysql_fetch_row::fetches a result row as array … Read More
  • How can we find the number of rows in a MySQL table? By Mysql SELECT COUNT(*) FROM table_name; … Read More
  • PEAR class: System The System PEAR class is available as part of the basic PEAR install:<?phprequire_once "System.php";$tmp_file = System::mktemp();copy("http://php.net/robots.txt", $tmp_file);$pear_command = System::which("pear");?>PEAR… Read More
  • mysqli Fetch Methods If you prefer different MySQL fetch methods, they're also in mysqli. Given the same query of SELECT username FROM users, these example functions all print the same results: // Fetch numeric arrays: while ($row = mysqli_… Read More
  • Using mysql_fetch_array fanc we accessed attributes in order using the foreach loop statement. In many cases, you'll also want to access the attributes in another way, and this is usually best achieved by using the attribute names themselves. It's muc… Read More
  • Use $_POST to get input values It will execute the whole file as PHP. The first time you open it,  $_POST['submit']  won't be set because the form has not been sent.    <?php if (isset($_POST['submit'])) { $example = $_POST['… Read More
  • Encoding php file str_rot13() base64_decode()   Try ionCube PHP Encoder,  link - http://www.ioncube.com/sa_encoder.php        There are only two worthwhile players in the encoding market, Zend Guard ($600) and i… Read More
  • P ARSING XML Two techniques are used for parsing XML documents in PHP:SAX(Simple API for XML) andDOM(Document Object Model). By using SAX, the parsergoes through your document and fires events for every start and stop tag orother element… Read More
  • Advanced SQL 15.1 Exploring with SHOW The SHOW command is useful for exploring the details of databases, tables, indexes, and MySQL. It's a handy tool when you're writing new queries, modifying database structure, creating repor… Read More
  • SELECTING DATA IN PHP You frequently select data in a MySQL table using PHP. Selecting data through a PHP programusing a MySQL command takes four steps:1. Make a connection to the database.2. Create a safe query with the command.3. Run the query.… Read More
  • php and pdf  Documents and Pages A PDF document is made up of a number of pages. Each page contains text and/or images.Put text onto  the pages, and send the pages back to the browser when you're done.    … Read More
  • Storing Complex Data Types You can use sessions to store complex data types such as objects and arrays simply by treating them as standard variables, as this code shows: $myarr["0"] = "Sunday"; $myarr["1"] = "Monday"; $myarr["2"] = "Tue… Read More
  • Declaring a Class To design your program or code library in an object-oriented fashion, you'll need to define your own classes, using the class keyword. A class definition includes the class name and the properties and methods of the clas… Read More
  • XML Extensions in PHP 5 SimpleXML A new PHP 5-only extension that excels at parsing RSS files, REST results, and configuration data. If you know the document's format ahead of time, SimpleXML is the way to go. However, SimpleXML supports o… Read More
  • Sorting One Array at a Time PHP functions for sorting an array Effect Ascending Descending User-defined order Sort array by values, then reassign indices starting with 0 sort( ) rsort( ) usort( ) Sort array by values … Read More