5.10. Summary

PHP is easily embedded into HTML files, displaying HTML forms that collect data entered by users and files that users upload. Collecting information from users presents security issues for the web site and for any user information stored at the web site. For security, PHP should have register_globals set to Off. To attack your web site or steal your data, the bad guys use techniques like cross-site scripting (executing pieces of client-side scripting on your site) and SQL injection (inserting malicious code into queries run on your database). To protect against attacks, you must distrust all data that originates from users. You need to validate all data that you receive from users and test it carefully to be sure it is ...
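The three defenses named above (validate input, keep user data out of SQL text, escape on output) combined in one request flow, as an added example that is not code from the book. The field names, the `validate_signup()` helper and the sample input are constructed for illustration, and the script assumes the `pdo_sqlite` extension is available.

```php
<?php
// Constructed input standing in for $_POST; read explicitly, never via register_globals.
$input = array(
    'username' => "bob'; DROP TABLE users; --",
    'age'      => '27',
    'comment'  => '<script>alert(1)</script>',
);

// Hypothetical helper: whitelist each field's shape and report the fields that fail.
function validate_signup(array $in)
{
    $errors = array();
    $name = (isset($in['username']) && is_string($in['username'])) ? $in['username'] : '';
    if (!preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $name)) {
        $errors[] = 'username';
    }
    $age = filter_var(isset($in['age']) ? $in['age'] : null, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 13, 'max_range' => 120)));
    if ($age === false) {
        $errors[] = 'age';
    }
    $comment = (isset($in['comment']) && is_string($in['comment'])) ? $in['comment'] : '';
    if (strlen($comment) > 500) {
        $errors[] = 'comment';
    }
    return array($errors, array('username' => $name, 'age' => $age, 'comment' => $comment));
}

// The quote, semicolon and spaces fall outside the username whitelist, so this pass fails.
list($errors, $clean) = validate_signup($input);
if ($errors) {
    $input['username'] = 'bob_27';                 // constructed resubmission by the user
    list($errors, $clean) = validate_signup($input);
}

// Free-text comments pass validation with markup intact, so the query must be
// parameterized: bound values are sent as data, never spliced into the SQL string.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, age INTEGER, comment TEXT)');
$stmt = $db->prepare('INSERT INTO users (username, age, comment) VALUES (?, ?, ?)');
$stmt->execute(array($clean['username'], $clean['age'], $clean['comment']));

// Escape at output time so stored markup is rendered as text, not executed as script.
foreach ($db->query('SELECT username, comment FROM users') as $row) {
    echo '<p>', htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8'), ': ',
         htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8'), "</p>\n";
}
```

Validation alone does not cover the comment field, which is why the bound parameters and the output escaping are still needed after the input has been accepted.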
