I would like to talk about hacks and how to secure your code at two levels. The two levels are:
Server (host) level.
The risks of not securing these two levels are:
Losing important data.
Losing your database.
New files and folders created on your server (hack).
Your existing files being modified by malware script appended to the end of the files.
PHP level security:
Security at the PHP level prevents SQL injection into your database.
So it protects you from losing data or having problems with your database.
The most important thing to know is: don't trust any data sent from the client.
So, for numeric values (POST or GET), put "(int)" before the variable. This changes its type to integer (if that is what you need). See this code:

    // Cast the request parameter to an integer before using it
    $id = (int)$_GET['id'];
    // OR
    $id = (int)$_POST['id'];
Also see the list of types below:
(int) cast to integer.
(bool) cast to boolean.
(float) cast to float.
(string) cast to string.
(array) cast to array.
(unset) cast …
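The following is an added example, not code from the original post. It shows what the (int) cast described above does to hostile or malformed input, next to a stricter check and a bound query parameter, which goes one step beyond the cast the post covers. The helper name parse_id, the users table and the sample inputs are constructed for illustration, and the pdo_sqlite extension is assumed to be available.

```php
<?php
declare(strict_types=1);
// Added example, not from the original post. All inputs below are constructed.

// Constructed sample values standing in for $_GET['id'].
$samples = ['42', '7 OR 1=1', 'abc', '', '-3', '12.9'];

/**
 * Strict alternative to a bare (int) cast: returns a positive integer id,
 * or null when the input is not a clean integer (hypothetical helper name).
 */
function parse_id(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

foreach ($samples as $raw) {
    $cast   = (int)$raw;        // what the cast from the post produces
    $strict = parse_id($raw);   // null means "reject the request"
    printf("%-12s (int) => %-4d strict => %s\n",
        var_export($raw, true), $cast, $strict === null ? 'rejected' : (string)$strict);
}

// The cast value can only ever be an integer, so it cannot carry SQL syntax.
// A bound parameter gives the same guarantee and also covers string input.
$pdo = new PDO('sqlite::memory:');   // assumption: pdo_sqlite is installed
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users VALUES (7, 'alice'), (42, 'bob')");

$stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
foreach ($samples as $raw) {
    $id = parse_id($raw);
    if ($id === null) {
        continue;                // in a real handler: answer with HTTP 400
    }
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    printf("id %d => %s\n", $id, $name === false ? 'no such user' : $name);
}
```

The cast silently turns '7 OR 1=1' into 7 and 'abc' into 0, so the query is safe from injection but may still run with an id the client never legitimately sent; the strict check rejects those inputs instead.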