
Security in PHP (Handling user data)

I want to talk about some simple techniques that will help make your scripts more secure.

General principles


Always validate the data you receive from the user ($_POST, $_GET, $_REQUEST, $_COOKIE, $_FILES), and not only against injections, XSS and the like, but also for the correctness of the input itself. For example, if you have an online store, check that the quantity of goods is a whole number and is not negative.
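As an added example (not code from the original article), here is the quantity check from the paragraph above done with filter_var(): the field name, the limits and the sample inputs are assumptions for illustration. Inputs such as "5abc", "1.5" and "-1" are rejected outright rather than silently cast the way (int) or intval() would do.

```php
<?php
// Added example (not from the original article): validating a shop
// "quantity" field as a non-negative whole number before it is used.
// The field name 'qty', the limits and the sample inputs are assumptions.

/**
 * Returns the quantity as an int, or null when the input is not an
 * integer within the allowed range. Strings such as "5abc", "1.5",
 * "-3", "1e3" and "" are all rejected rather than silently cast.
 */
function parseQuantity($raw, int $min = 0, int $max = 1000): ?int
{
    if (!is_string($raw)) {          // arrays ($_POST['qty'][]) are rejected too
        return null;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    // filter_var() returns false on failure; note that a legitimate "0"
    // comes back as int 0, so the comparison must be strict.
    return $value === false ? null : $value;
}

// Constructed sample inputs, as a careless user or an attacker might send them.
$samples = ['3', '0', '-1', '1.5', '5abc', '', '1e3', ['3']];
foreach ($samples as $raw) {
    $label = is_array($raw) ? 'array' : var_export($raw, true);
    $qty = parseQuantity($raw);
    printf("%-8s => %s\n", $label, $qty === null ? 'rejected' : "ok ($qty)");
}

// In a real handler:
// $qty = parseQuantity($_POST['qty'] ?? null);
// if ($qty === null) { /* reject the request */ }
```

The same pattern (validate into a typed value once, at the boundary, then pass only the typed value onward) applies to every field the page lists, not only to quantities.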

Put yourself in the attacker's place and think about what you would do to the site.

SQL injections


SQL injection is one of the most common ways of attacking websites and programs that work with databases; it relies on inserting arbitrary SQL code into a query. Read on Wikipedia
To protect against it, it is enough to escape string values and cast numeric ones before they go into the query (the examples below use mysql_escape_string() and intval()). Note that mysql_escape_string() ignores the connection character set and, together with the whole mysql extension, was removed in PHP 7; on current PHP, prepared statements (PDO or mysqli) are the right tool.

Examples:
$sql = "SELECT string FROM test WHERE string='".mysql_escape_string($_POST['str'])."'"; // escapes quotes and backslashes in a string value

$sql = "SELECT string FROM test WHERE id='".intval($_POST['id'])."'"; // forces the value to be an integer
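As an added example (not code from the original article), the two queries above are shown in their vulnerable string-concatenated form beside a parameterised version, run against an in-memory SQLite database through PDO so that it works offline. The table, its rows and the attacker payload are constructed here for illustration.

```php
<?php
// Added example (not from the original article): string concatenation versus
// bound parameters, against a constructed in-memory SQLite table.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE test (id INTEGER PRIMARY KEY, string TEXT)");
$db->exec("INSERT INTO test (string) VALUES ('public'), ('secret')");

// Vulnerable: the user's value becomes part of the SQL text.
function findUnsafe(PDO $db, string $str): array
{
    $sql = "SELECT string FROM test WHERE string='" . $str . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the value travels as a bound parameter and never touches the SQL text,
// so no escaping function (and no knowledge of the connection charset) is needed.
function findSafe(PDO $db, string $str): array
{
    $stmt = $db->prepare("SELECT string FROM test WHERE string = :str");
    $stmt->execute([':str' => $str]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The numeric case: a typed parameter replaces the intval() cast.
function findById(PDO $db, int $id): array
{
    $stmt = $db->prepare("SELECT string FROM test WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed attacker input: closes the quote and makes the condition always true.
$payload = "' OR '1'='1";

print_r(findUnsafe($db, $payload)); // both rows, including 'secret'
print_r(findSafe($db, $payload));   // empty: no row literally equals the payload
print_r(findSafe($db, 'public'));   // ['public']
print_r(findById($db, 2));          // ['secret']
```

The concatenated query becomes SELECT string FROM test WHERE string='' OR '1'='1', which matches every row; the prepared statement compares the column against the literal payload string and matches nothing.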


XSS


XSS (Cross-Site Scripting) is a type of vulnerability in computer systems used in attacks. What sets such attacks apart is that instead of attacking the server directly, they use the vulnerable server as a means of attacking the client. An XSS attack is usually carried out by constructing a special URL that the attacker gets the victim to open. Read on Wikipedia
The defence is to escape user data at the moment it is written into the page rather than trusting it: in PHP, htmlspecialchars() with ENT_QUOTES and an explicit character set covers HTML text and attribute values.
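As an added example (not code from the original article), the same user-supplied value is written into an HTML form field raw and then through an escaping helper; the helper name e(), the field and the payload are assumptions for illustration.

```php
<?php
// Added example (not from the original article): output escaping for HTML.
// The helper name e(), the input field and the payload are assumptions.

// Escape for HTML text and for double- or single-quoted attribute values.
// ENT_SUBSTITUTE keeps invalid UTF-8 from silently producing an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable: the value is written straight into the markup.
function renderFieldUnsafe(string $name): string
{
    return '<input type="text" name="name" value="' . $name . '">';
}

// Hardened: quotes and angle brackets become entities, so the browser
// treats the whole value as attribute text and never sees a new tag.
function renderFieldSafe(string $name): string
{
    return '<input type="text" name="name" value="' . e($name) . '">';
}

// Constructed attacker input, as it might arrive in $_GET['name'].
$name = '"><script>alert(document.cookie)</script>';

echo renderFieldUnsafe($name), "\n";
// <input type="text" name="name" value=""><script>alert(document.cookie)</script>">
echo renderFieldSafe($name), "\n";
// <input type="text" name="name" value="&quot;&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt;">
```

htmlspecialchars() is correct only for HTML text and quoted attribute values; a value placed inside a script block, a URL, a CSS rule or an unquoted attribute needs encoding specific to that context.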


PHP injection


PHP injection is one of the ways of attacking websites written in PHP; it consists in executing foreign code on the server side. Read on Wikipedia

With this attack, an attacker gets to execute arbitrary PHP code on the server. It is very common because of the include() function, into which beginners pass a variable received from the user. They mistakenly believe that the code include($_GET['file'].".php"); protects them from this. BUT THIS IS A MISTAKE!!! In the PHP versions of the time, an attacker could pass " ya.ru/%00 " (without the quotes) in the file parameter: the %00 null byte terminated the path and dropped the .php extension. PHP 5.3.4 and later reject paths containing a null byte, but the appended extension is still no protection, because the user's value still decides which .php file on the server gets included, including ones reached through ../ directory traversal.

There is an easy way to protect against it: never build the file name from the user's value, but pick it from a fixed list:

switch ($_GET['file']) {
case '1':
include("hello.php"); // the user chooses a key, never a path
break;
case '2':
include("bye.php");
break;
default:
break; // anything not on the list is ignored
}
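As an added example (not code from the original article), the switch above is generalised into an allow-list array with a containment check on the resolved path, so adding a page means adding one entry rather than a new case. The file names, the pages/ directory and the helper resolvePage() are assumptions for illustration.

```php
<?php
// Added example (not from the original article): the switch as an allow-list
// array. File names, the pages/ directory and resolvePage() are assumptions.

const PAGES = [
    '1' => 'hello.php',
    '2' => 'bye.php',
];

// Returns the real path of the file to include, or null for anything not on
// the list. The user's value is only ever used as an array key; it never
// becomes part of a path, so "%00", "../" or a URL in it achieves nothing.
function resolvePage($key, string $dir = __DIR__ . '/pages'): ?string
{
    if (!is_string($key) || !array_key_exists($key, PAGES)) {
        return null;
    }
    $path = realpath($dir . '/' . PAGES[$key]);
    $base = realpath($dir);
    // Belt and braces: the resolved file must exist and still sit inside $dir.
    if ($path === false || $base === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed inputs an attacker might try; all but '1' and '2' yield null.
foreach (['1', '2', '3', "../../etc/passwd", "ya.ru/\0", ['1']] as $probe) {
    $shown = is_array($probe) ? 'array' : addcslashes($probe, "\0");
    var_dump($shown, resolvePage($probe) !== null);
}

$path = resolvePage($_GET['file'] ?? null);
if ($path === null) {
    http_response_code(404);
    exit('No such page');
}
include $path;
```

The containment check is redundant while PAGES holds plain file names, but it keeps the function safe if someone later puts a path with ../ or a symlink into the list.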

Conclusion


Here I have described the general principles that I use. I would be glad if you helped supplement this article.

Source: https://habr.com/ru/post/23025/
