4 Replies - 779 Views - Last Post: 12 August 2008 - 01:23 AM

#1 tommyflint
PHP Security for input and forums

Posted 11 August 2008 - 11:20 AM

Hey guys, I'm pretty new to PHP etc. and was wondering if you could tell me what sort of security I need for my forum site?

cheers guys =]

Replies To: PHP Security for input and forums

#2 JBrace1990

Re: PHP Security for input and forums

Posted 11 August 2008 - 11:33 AM

mysql_real_escape_string()
stripslashes()
addslashes()

those should be it ^_^

oh, and probably wanna replace % with \%

#3 mocker

Re: PHP Security for input and forums

Posted 11 August 2008 - 11:36 AM

Are you building a new forum system in PHP, or are you using an existing software package? A full forum system is a pretty large project for someone new to PHP. If you need a forum I suggest using one of the mature open-source PHP ones available, and starting smaller for your learning projects.

If you are using an existing program, like WordPress, then this isn't a programming question at all, it is a system admin task. The software you are using probably has its own set of requirements for file permissions and whatnot, so read its documentation. Keep in mind that any permissions it suggests for your files and directories are maximum permissions; do not give them more permissions than suggested, and do not give other files extra permissions that are not listed.

#4 Moonbat

Re: PHP Security for input and forums

Posted 11 August 2008 - 12:46 PM

Use functions like htmlentities() and htmlspecialchars() to sanitize data to protect against XSS (Cross site scripting).

Use functions like mysql_real_escape_string() to protect against SQL injections.

As far as remote/local file inclusion (RFI and LFI respectively) you'll need to have safe coding practices, like if someone tries to include a page that doesn't exist on the server, redirect them to index.php, etc. Also, if you are using an old version of PHP, make sure Register Globals is set to off.

#5 pemcconnell

Re: PHP Security for input and forums

Posted 12 August 2008 - 01:23 AM

Also, if the value you are wanting to enter into your database is an integer, simply declare the data type as follows:

$value = (int)$_POST['formvalue'];



Where the (int) will force the value to be a number (will return as 0 if a string has been entered).
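The checks suggested in this thread (integer casting, SQL escaping, HTML encoding, guarding includes), combined in one request handler as an added example that is not code from any of the posters. It assumes PHP 7.1 or later with the pdo_sqlite extension; because mysql_real_escape_string() was removed in PHP 7.0, PDO bound parameters stand in for it here, and the table, column and page names are hypothetical.

```php
<?php
// Added example; table, column and page names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, topic_id INTEGER, body TEXT)');

// Constructed sample input standing in for $_POST and $_GET.
$post = ['topic_id' => '7 OR 1=1', 'body' => "<script>alert(1)</script> it's"];
$get  = ['page' => '../../etc/passwd'];

// Integer input: cast it, then reject anything that is not a usable id.
// A leading number survives the cast; any other string becomes 0.
function topic_id(array $in): ?int {
    $raw = $in['topic_id'] ?? '';
    $id  = is_scalar($raw) ? (int)$raw : 0;
    return $id > 0 ? $id : null;
}

// SQL: bound parameters keep user data out of the query text.
function save_post(PDO $db, int $topicId, string $body): int {
    $stmt = $db->prepare('INSERT INTO posts (topic_id, body) VALUES (:t, :b)');
    $stmt->execute([':t' => $topicId, ':b' => $body]);
    return (int)$db->lastInsertId();
}

// XSS: store the raw text, encode it when writing it into HTML.
function render_post(string $body): string {
    return '<p>' . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . '</p>';
}

// File inclusion: look the request value up in a fixed allow-list;
// unknown or malformed values fall back to index.php.
function page_file(array $in): string {
    $pages = ['index' => 'index.php', 'rules' => 'rules.php'];
    $key   = is_string($in['page'] ?? null) ? $in['page'] : 'index';
    return $pages[$key] ?? 'index.php';
}

$id = topic_id($post);
if ($id === null) {
    exit("invalid topic id\n");
}
$rowId = save_post($db, $id, $post['body']);
$q = $db->prepare('SELECT body FROM posts WHERE id = ?');
$q->execute([$rowId]);
echo render_post((string)$q->fetchColumn()), "\n";
echo 'include target: ', page_file($get), "\n";
```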