I want to talk about simple techniques that will help secure your script.
General provisions
Always check the data received from the user ($_POST, $_GET, $_REQUEST, $_COOKIE, $_FILES), and not only against injections, XSS and the like, but also for the correctness of the input itself. For example, if you have an online store, check that the quantity of goods is a whole number and not negative.
Imagine yourself in the place of a hacker and think about what you would do with the site.
SQL injections
SQL injection is one of the most common ways to hack websites and programs that work with databases; it is based on inserting arbitrary SQL code into a query.
Read on Wikipedia.
To protect against it, it is enough to use:
- mysql_escape_string() - to protect strings and binary data
- mysql_real_escape_string() - to protect strings and binary data in accordance with the encoding installed on the server (requires a connection to the server, otherwise returns an empty result)
- intval() - to protect integer numeric values; intval() returns 0 if the string is not a number
- floatval() - to protect fractional values; the same behaviour as intval()
Examples:
$sql = "SELECT string FROM test WHERE string='".mysql_escape_string($_POST['str'])."'";
$sql = "SELECT string FROM test WHERE id='".intval($_POST['id'])."'";
XSS
XSS (Cross Site Scripting) is a type of vulnerability in computer systems used in hacker attacks. The specific nature of such attacks is that instead of attacking the server directly, they use the vulnerable server as a means of attacking the client. An XSS attack is usually carried out by constructing a special URL that the attacker tricks the victim into opening.
Read on Wikipedia.
It is enough to defend against it using two functions:
PHP injection
PHP injection is one of the ways to hack websites running on PHP; it consists in executing extraneous code on the server side.
Read on Wikipedia.
This is a way of hacking where arbitrary PHP code can be executed on the server side. It is very common because of the include() function, to which novice developers pass a variable received from the user. They mistakenly think that the code
include($_GET['file'].".php");
protects against such an attack.
BUT THIS IS A MISTAKE !!! Because an attacker can pass the value "ya.ru/%00" (without quotes) in the file variable, which drops the .php extension.
There is an easy way to protect against it:
- addslashes() - it escapes the NUL character (in HTML it is denoted as %00), slashes and quotes, which allows you to get rid of unwanted injections, but it is better to use the switch operator, for example:
switch ($_GET['file']) {
case '1':
include("hello.php");
break;
case '2':
include("bye.php");
break;
default:
break;
}
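Below is an added example (not the author's code) that puts the three checks from this article side by side: the quantity check from the general provisions, intval() for a numeric id in a query, and a fixed allowlist instead of a user-controlled include() path. The function names, the PAGES map and the sample inputs are constructed for the example.

```php
<?php
// Added example, not from the original article. Names and sample inputs are hypothetical.

// Quantity of goods must be a whole number and not negative.
// Returns the quantity as int, or null if the value is not acceptable.
function parseQuantity(string $raw): ?int {
    // ctype_digit() rejects signs, decimals, spaces and "10abc",
    // all of which intval() would silently turn into a number.
    if (!ctype_digit($raw)) {
        return null;
    }
    return (int) $raw;
}

// Numeric id for a query, as in the article: intval() turns any non-numeric
// text into 0 and keeps only the leading digits of "1' OR '1'='1", so the
// quoted part never reaches the query.
function buildSelectById(string $rawId): string {
    return "SELECT string FROM test WHERE id=" . intval($rawId);
}

// Page selection for include(): the user's value is only a key into a fixed
// list, so "ya.ru/%00", "../config" or any unknown value never becomes a path.
// This is the same idea as the switch in the article, written as a lookup table.
const PAGES = [
    '1' => 'hello.php',
    '2' => 'bye.php',
];

function resolvePage(string $raw): ?string {
    return PAGES[$raw] ?? null;   // null means: include nothing
}

// Constructed sample inputs, as they would arrive in $_GET / $_POST.
$samples = [
    'quantity' => ['3', '-1', '2.5', '10abc', ''],
    'id'       => ['42', "1' OR '1'='1", 'abc'],
    'file'     => ['1', '2', "ya.ru/\0", '../config'],
];

foreach ($samples['quantity'] as $q) {
    var_dump(parseQuantity($q));
}
foreach ($samples['id'] as $id) {
    echo buildSelectById($id), "\n";
}
foreach ($samples['file'] as $f) {
    var_dump(resolvePage($f));
}
```

Only the first quantity sample and the first two file samples pass; every other value is rejected before it reaches the query or include().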
Conclusion
Here I described the general principles that I use. I would be glad if you helped supplement this article.