Comments on: 7 Useful functions to tighten the security in PHP http://roshanbh.com.np/2008/05/tighten-php-security-functions.html Useful Tutorials, Scripts , Tips, and Resources for all PHP and Ajax beginners and experts . Wed, 10 Mar 2010 10:59:13 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: ibrahim sana http://roshanbh.com.np/2008/05/tighten-php-security-functions.html/comment-page-1#comment-4763 ibrahim sana Sun, 01 Nov 2009 22:13:10 +0000 http://roshanbh.com.np/?p=112#comment-4763 nice post. thanx The mysql_real_escape function is used for mysql database only , for other DBMS other functions is in used. For example in Postgres you can use pg_escape_string for escaping harmful characters. please note that some php "bad features" can yield to a real security hole and not mentioned here, for example the register_globals feature. nice post. thanx
The mysql_real_escape function is used for mysql database only , for other DBMS other functions is in used. For example in Postgres you can use pg_escape_string for escaping harmful characters.
please note that some php “bad features” can yield to a real security hole and not mentioned here, for example the register_globals feature.

]]> By: CHITARANNJAN SATHUA http://roshanbh.com.np/2008/05/tighten-php-security-functions.html/comment-page-1#comment-4596 CHITARANNJAN SATHUA Fri, 18 Sep 2009 09:15:41 +0000 http://roshanbh.com.np/?p=112#comment-4596 if i will convert all the special character to html and insert in to my database and how can i retrive data and shows as it i want if i will convert all the special character to html and insert in to my database
and how can i retrive data and shows as it i want

]]> By: Nick Poulos http://roshanbh.com.np/2008/05/tighten-php-security-functions.html/comment-page-1#comment-4136 Nick Poulos Sun, 21 Jun 2009 23:46:16 +0000 http://roshanbh.com.np/?p=112#comment-4136 I know for certain types of variables (like zip code, phone, email, ssn, etc) regular expressions are preferred or even necessary in some cases. But for quick and easy validation for certain var types - what about using functions like is_numeric to check variables? For ex: if (!is_numeric($_GET["id"])) $errors[ ]="You did not enter a valid id!"; else $id=$_GET["id"]; Any reason this would be unsafe or poses a risk? I know for certain types of variables (like zip code, phone, email, ssn, etc) regular expressions are preferred or even necessary in some cases. But for quick and easy validation for certain var types – what about using functions like is_numeric to check variables? For ex:

if (!is_numeric($_GET["id"]))
$errors[ ]=”You did not enter a valid id!”;
else
$id=$_GET["id"];

Any reason this would be unsafe or poses a risk?

]]> By: Shahriat Hossain http://roshanbh.com.np/2008/05/tighten-php-security-functions.html/comment-page-1#comment-3928 Shahriat Hossain Mon, 04 May 2009 05:50:58 +0000 http://roshanbh.com.np/?p=112#comment-3928 Thanks for sharing these useful functions. Thanks for sharing these useful functions.

]]> By: Tigran.su http://roshanbh.com.np/2008/05/tighten-php-security-functions.html/comment-page-1#comment-3531 Tigran.su Fri, 06 Feb 2009 12:46:50 +0000 http://roshanbh.com.np/?p=112#comment-3531 i like this article. it read it and it was very funny, but if anybody wants to be more professional, must read GOOGLE...:)))))))) i like this article. it read it and it was very funny, but if anybody wants to be more professional, must read GOOGLE…:))))))))

]]> By: Enlaces del 05-02-09 | evelio.info http://roshanbh.com.np/2008/05/tighten-php-security-functions.html/comment-page-1#comment-3526 Enlaces del 05-02-09 | evelio.info Thu, 05 Feb 2009 07:15:56 +0000 http://roshanbh.com.np/?p=112#comment-3526 [...] Useful functions to tighten the PHP security [...] [...] Useful functions to tighten the PHP security [...]

]]> By: Asad Abbas http://roshanbh.com.np/2008/05/tighten-php-security-functions.html/comment-page-1#comment-3411 Asad Abbas Sat, 27 Dec 2008 05:03:17 +0000 http://roshanbh.com.np/?p=112#comment-3411 nice article ... I like all the tips especially intval :p .... people just forget simple things and get caught ! nice article … I like all the tips especially intval :p …. people just forget simple things and get caught !

]]> By: Kit Peters http://roshanbh.com.np/2008/05/tighten-php-security-functions.html/comment-page-1#comment-3000 Kit Peters Mon, 27 Oct 2008 21:34:30 +0000 http://roshanbh.com.np/?p=112#comment-3000 I would go one further than previous commenter Jasper and recommend *against* using the mysql_* functions at all. Instead, use the PDO classes, which ship with recent versions of PHP. I would go one further than previous commenter Jasper and recommend *against* using the mysql_* functions at all. Instead, use the PDO classes, which ship with recent versions of PHP.

]]> By: Roshan http://roshanbh.com.np/2008/05/tighten-php-security-functions.html/comment-page-1#comment-1101 Roshan Wed, 04 Jun 2008 11:12:38 +0000 http://roshanbh.com.np/?p=112#comment-1101 Thanks SNaRe for motivation... Thanks SNaRe for motivation…

]]> By: SNaRe http://roshanbh.com.np/2008/05/tighten-php-security-functions.html/comment-page-1#comment-1100 SNaRe Wed, 04 Jun 2008 05:24:29 +0000 http://roshanbh.com.np/?p=112#comment-1100 Your articles are really great. I added you to my rss list Your articles are really great. I added you to my rss list

]]> By: salman http://roshanbh.com.np/2008/05/tighten-php-security-functions.html/comment-page-1#comment-1050 salman Thu, 29 May 2008 20:50:16 +0000 http://roshanbh.com.np/?p=112#comment-1050 wow nice post dude. thanks for this wow nice post dude. thanks for this

]]> By: links for 2008-05-27 | Mior Muhammad Zaki http://roshanbh.com.np/2008/05/tighten-php-security-functions.html/comment-page-1#comment-1022 links for 2008-05-27 | Mior Muhammad Zaki Tue, 27 May 2008 12:32:30 +0000 http://roshanbh.com.np/?p=112#comment-1022 [...] Useful functions to tighten the PHP security (tags: programming PHP Security tips) [...] [...] Useful functions to tighten the PHP security (tags: programming PHP Security tips) [...]

]]> By: 7 ??????? PHP, ??????? ????? ???????? ???????????? ????? | ????????.?? http://roshanbh.com.np/2008/05/tighten-php-security-functions.html/comment-page-1#comment-1016 7 ??????? PHP, ??????? ????? ???????? ???????????? ????? | ????????.?? Mon, 26 May 2008 23:12:50 +0000 http://roshanbh.com.np/?p=112#comment-1016 [...] ????????: ???? ?????? ?????????. [...] [...] ????????: ???? ?????? ?????????. [...]

]]> By: Roshan http://roshanbh.com.np/2008/05/tighten-php-security-functions.html/comment-page-1#comment-1006 Roshan Mon, 26 May 2008 08:14:46 +0000 http://roshanbh.com.np/?p=112#comment-1006 ya Dave absolutely........these are essential functions from the security point of view in PHP @ jaredmellentine - you can do it in both way either type casting the variable or use intval(), I think syntax for using intval() is a bit easier than using variable type casting for beginners. ya Dave absolutely……..these are essential functions from the security point of view in PHP

@ jaredmellentine – you can do it in both way either type casting the variable or use intval(), I think syntax for using intval() is a bit easier than using variable type casting for beginners.

]]> By: Dave Marshall http://roshanbh.com.np/2008/05/tighten-php-security-functions.html/comment-page-1#comment-1005 Dave Marshall Mon, 26 May 2008 07:59:15 +0000 http://roshanbh.com.np/?p=112#comment-1005 I'd change the title of your post, I think these functions are not only useful, they are essential. I’d change the title of your post, I think these functions are not only useful, they are essential.

]]>