PHP
  Home arrow PHP arrow Reconsidering PHP variables
Dev Shed Forums 
Administration  
AJAX  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Sun Developer Network 
Dedicated Servers 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Moblin 
JMSL Numerical Library 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
PHP

Reconsidering PHP variables
By: Iulian Turnea
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 3 stars3 stars3 stars3 stars3 stars / 44
    2005-01-10

    Table of Contents:
  • Reconsidering PHP variables
  • Counting your cookies?
  • Checking variable types
  • A Method to your madness
  • Its the size that matters
  • Pssst... Whats the password?
  • And in Conclusion...
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
    ADVERTISEMENT

    Reconsidering PHP variables
    (Page 1 of 7 )

    Php helps you to quickly build big applications and many times, its easy to neglect the security matter. Its easy to believe that security breaches could not happen to your software. But what if it does happen? For this reason, security in your applications should be kept in consideration from the beginning.

    I have read in the past many scary things about PHP variables. Words like: be aware, take care or look again are still in my mind. And slowly, I have realized that it would be prudent to follow some steps when using PHP variables. I have tested many secure implementations and found no performance decrease when being processed by the PHP engine. 

    Here is a short list of things you can do to better protect the security of your applications:

    1. Check the number of POST, GET and COOKIE variables handled by your applications.
    2. Check if the variable content is of appropriate type. 
    3. Using REQUEST METHOD and REFERRER.
    4. Check the variable content length.
    5. Check a 'secret key' inside one variable.

    Next: Counting your cookies? >>
     

    More PHP Articles
    More By Iulian Turnea


       · A poor article that promotes invalid HTML and uses a ludicrous substr() method to...
       · After reviewing the content of the article, we made some changes and corrections to...
       · Isn't stuff like HTTP_GET_VARS very old?
       · Its old, but it works. I think the article is pretty good, since it shows some...
       · If you use is_numeric() in place of is_integer(), then you can enclose the value of...
       · When you are using values in an HTML form, you should always quote the attribute...
       · I may be mistaken (not!) but in page 5 it reads:header(" You can send up to 3000...
       · $limit=count($_GET);echo $list;should be:echo $limit;There is no PHP...
       · oh how friendly...I am logged in, but am named 'Anonymous...
       · Terrible article.
       · First, you may be logged in, but you need to create a blog account in order to not...
       · I want a a complete and comprehensive guide on hardening your scripts to be...
       · I'm going to have to side with Rich. When judging an article, you should consider...
       · Excellent choice of books!
       · always thought devshed has some kind of a guywho at least screens the articles...
       · 
     
    >>> Post your comment now!

       

    PHP ARTICLES

    - Validating Web Forms with the Code Igniter P...
    - Output Buffering
    - Paginating Database Records with the Code Ig...
    - HTTP Headers in Web Development
    - Project Management: Administration
    - Building a Database-Driven Application with ...
    - User Authentication for a Project Management...
    - Introduction to the CodeIgniter PHP Framework
    - Adding Users for a Project Management Applic...
    - Migrating Class Code for a MIME Email to PHP...
    - Login and Logout Authentication for a Projec...
    - Composing Messages in HTML for MIME Email wi...
    - Project Management: Authentication
    - A Better Way to Determine MIME Types for MIM...
    - Project Management Overview
    Find More PHP Articles




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 2 hosted by Hostway