
PHP Security Leading Practice

Revision as of 13:24, 17 October 2007 by EoinKeary (talk | contribs) (New page: ===Global Variables=== One does not need to explicitly create "global variables" this is done via the php.ini file by setting the "register_globals" function on. Appending global variable...)


Global Variables

One does not need to create "global variables" explicitly; PHP creates them automatically when the "register_globals" directive is set to on in the php.ini file. With that setting on, appending global variables to the URL may be a way to circumvent authentication.
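The pattern behind this risk, next to its fix, as an added example that is not part of the original wiki page. It assumes extract() as a stand-in for register_globals (which was removed in PHP 5.4.0); the user store, request arrays and function names are hypothetical.

```php
<?php
// Added example. extract() reproduces what register_globals=On did implicitly:
// every request parameter becomes a variable of the same name.

function check_login(array $request, array $users): bool
{
    $user = $request['user'] ?? '';
    $pass = $request['pass'] ?? '';
    return is_string($user) && is_string($pass)
        && isset($users[$user]) && password_verify($pass, $users[$user]);
}

// Vulnerable: $authorized is never initialised, so the request can supply it.
function vulnerable_page(array $request, array $users): string
{
    extract($request); // stand-in for register_globals
    if (check_login($request, $users)) {
        $authorized = true;
    }
    return !empty($authorized) ? 'admin panel' : 'login required';
}

// Hardened: explicit default, and nothing is imported from the request.
function hardened_page(array $request, array $users): string
{
    $authorized = false;
    if (check_login($request, $users)) {
        $authorized = true;
    }
    return $authorized ? 'admin panel' : 'login required';
}

// Constructed sample data (hypothetical user and requests).
$users   = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
$forged  = ['authorized' => '1']; // page.php?authorized=1, no credentials
$genuine = ['user' => 'alice', 'pass' => 'correct horse'];

foreach (['forged' => $forged, 'genuine' => $genuine] as $label => $request) {
    printf(
        "%-8s vulnerable: %-15s hardened: %s\n",
        $label,
        vulnerable_page($request, $users),
        hardened_page($request, $users)
    );
}
```

The forged request reaches the protected branch only in the vulnerable version; initialising every security-relevant variable and reading input only from the request arrays closes the gap regardless of the php.ini setting.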

Error handling

If possible, check whether error reporting has been turned off via php.ini and whether "error_reporting" is off.

File Manipulation

Good Things to Use

strip_tags(): Removes any HTML from a String

nl2br(): Converts new line characters to HTML break "br"

htmlspecialchars():