How to make a core PHP project secure?

  1. Connection file
  2. Sign-up process
  3. Login process
  4. Inserting anything into the database
  5. Updating anything in the database
  6. Selecting anything from the database
  7. Deleting anything from the database
  8. Anything which is IMPORTANT
  9. Logout

Security in web applications is a big topic. There are experts paid to do only this. However, it’s true that there’s a basic minimum that developers should know.

First, you could check out the OWASP Top Ten project. It’s a little bit scary for beginners, but if you read it carefully, it’s not that hard to understand.

One basic rule for security is this: do not write code yourself (if possible) that touches anything sensitive. It means that using a library/module/framework feature/… that is already available, used and trusted is by far the best idea.

For everything about SQL injection (your numbers 4 to 7), read about prepared statements with mysqli or PDO.

If you have any concern, just search Google for “secure <keyword> with php” like “secure logout with php”.

Anything else important? Everything touching the DB, everything touching the sessions, every time you read “external” data and use that data (it can be data entered by the user, an RSS feed, an API) you need to validate that data to be certain it doesn’t contain anything malicious (or just something that would make your app crash)…
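As an added illustration of the prepared-statement, input-validation and session advice above (example code, not part of the original answer), here is a minimal PDO-backed sign-up, login and logout. The `users` table layout, the DSN and the credentials are assumptions, and `session_start()` is assumed to have been called before `logIn()`/`logOut()`.

```php
<?php
// Added example, not from the original answer. Assumes a table
// users(id INT AUTO_INCREMENT, email VARCHAR(255) UNIQUE, password_hash VARCHAR(255))
// and placeholder DSN/credentials. Requires session_start() before logIn()/logOut().

function db(): PDO {
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', // placeholder
            getenv('DB_PASSWORD') ?: '',                                          // secret from env, not source
            [PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // fail loudly, never silently
             PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side prepares
             PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC]);
    }
    return $pdo;
}

// Sign up: validate external input first; the email is a bound parameter, never
// concatenated into SQL; only a password hash is stored (salt + bcrypt via password_hash).
function signUp(string $email, string $password): bool {
    if (!filter_var($email, FILTER_VALIDATE_EMAIL) || strlen($password) < 8) {
        return false;
    }
    $stmt = db()->prepare('INSERT INTO users (email, password_hash) VALUES (:email, :hash)');
    return $stmt->execute([':email' => $email, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: one generic failure for "unknown email" and "wrong password" so the reply
// does not reveal which accounts exist; rotate the session id on success.
function logIn(string $email, string $password): bool {
    $stmt = db()->prepare('SELECT id, password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch();
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);   // new id, old one deleted: blocks session fixation
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

// Logout: wipe server-side state and expire the cookie, not just unset a flag.
function logOut(): void {
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}
```

The same bound-parameter pattern (`prepare` with `:name` placeholders, values passed to `execute`) applies to the UPDATE, SELECT and DELETE cases in the question; user input never becomes part of the SQL string.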