Basic PHP script security covers issues like prevention of SQL injections, XSS and CSRF attacks, variable tampering, etc.


http://templora.com/content/14

Great tutorial on adding security to your PHP scripts.

Geoserv.

Thanks man, I'm new to php programming. Currently creating a CMS for my personal use, and hopefully public use later on and security is job number one. But as a newbie, I feel lost at times. I'll check out the tutorial and hopefully being able to incorporate it.

Here is my function I use for cleaning up results before submitting them to queries, feel free to use it:

function clean($text)
{
if ( get_magic_quotes_gpc() )
{
$text = stripslashes($text);
}
$text = mysql_real_escape_string($text);
echo $text;
}

echo clean("kalsj;l''\"/?");