PHP Tutorial
|
PHP Security Issues and Solutions
The placement of the PHP security issues and solutions topic towards the end of this PHP tutorial is, in no way, meant to diminish its importance. The fact is that security should be a consideration from the beginning of a project through to the end. For this reason, you'll find throughout these pages many security-related issues, such as type-casting data, escaping input used in database queries, or preventing cross-server scripting attacks (XSS). This section of the PHP tutorial also invokes all of these techniques, and more, as well as introducing auditing methods you can apply to existing code and sites.
PHP security issues fall under these broad categories:
- the server itself
- how PHP is configured
- where data is coming from
- where data is going
The server itself is often out of most developers hands and merits a lifetime of study to master. It's included in this list because if a server is unsecure, it makes no difference how well you do in all of the other areas. What you may have more control over, and it's certainly a smaller universe, how PHP is configured.
Most of security-related issues when it comes to PHP involves the data being used (after all, dynamic Web sites in PHP is largely a matter of taking, storing, and displaying data). Incoming data needs to be filtered, validated, and sanitized. Outgoing data may also need many of these same treatments. Some of these steps are a matter of applying PHP's built-in functions, some are just applying logic, and others require explicit pattern matching via regular expressions. In the PHP security issues and solutions section, you'll find plenty of specific techniques, discussions of common pitfalls, and loads of solutions.
PHP Tools
The last subject in this PHP tutorial is a brief introduction to the available PHP tools. As an established and open-source technology, plenty of viable PHP tools exist today. Part of PHP's success is certainly thanks to the ability for anyone to begin developing with PHP without spending anything on software. But it really doesn't take long for those same developers to realize the inadequacies of such applications. For just a little bit of money, the same (or better) PHP scripts can be written faster and with much less debugging, using NuSphereâ„¢ PhpED. Download the free trial to start seeing these benefits for yourself:
- Support for PHP 4, PHP 5, JavaScript, CSS, Smarty, and more!
- Built-in debugger for fast fixes.
- Profiler to check and improve an application's performance (see the figure at right).
- Ability to publish your pages without an external FTP application.
- Code completion for built-in and user-defined functions and class.
- Integration with databases and Web services.
NuSphere supports PHP development in other ways, as well. Their other products include:
- Nu-Coder
- Nu-Coder is a PHP encoding solution, protecting PHP source code from being visible and improving performance in the process. To guarantee the work you've done remains your own, encode it using Nu-Coder. Nu-Coder, like PhpED, is available to download as a free trial.
- PhpExpress
- One popular method of improving a site's performance is to install an accelerator, like PhpExpress. Unlike some commercially available accelerator's PhpExpress is provided for free. It will accelerate both encoded and non-encoded scripts.
- PhpDock
- PhpDock allows you to create Windows desktop applications in PHP without having to install a Web server such as Apache. It is also available for download as a free trial.
- TechPlatform
- TechPlatform is a distribution of Apache, PHP, and Perl, plus extra development and administrative tools, including the excellent PHP Debugger. It is available as a free download.
|
Article continues:
<<previous page
|
|
Download NuSphere PHP IDE
Download a free trial of the fast PHP EDitor and robust Integrated Development Environment for PHP.
|
Buy NuSphere PhpED® now
|
Special Team4 Offer
Get 4 copies of PhpED for the price of 3!
Optimum solution for development teams.
|
|
Need more than 4 licenses? Contact Us for more quantity discounts, please use "Ordering/Payment issue" subject on the form.
|
|
"To be honest its bloody awesome, I have looked at loads of PHP editors and this is THE only one that actual works straight out of the box!!! Brilliant, well done."
Andrew Breward, Director of Technology caboodal.com
|
|