The combination of Chinese and English is really good. I have previously reposted Chinese people’s summary of PHP security programming. Some people say it's a long talk. This time I will look at the works of foreign friends.
According to the latest survey, the usage rate of the PHP language has surpassed that of the older language C++, making it the third most used programming language. It has many useful features, but many problems can arise as well. This article lists five common suggestions to help you create secure PHP applications.
PHP is one of the most popular programming languages for the web. Sometimes a feature-friendly language can help the programmer too much, and security holes can creep in, creating roadblocks in the development path. In this tutorial, we will take a look at 5 tips to help you avoid some common PHP security pitfalls and development glitches.
Suggestion 1: Use error reporting appropriately
Tip 1: Use Proper Error Reporting
Error reporting is very useful during the development process. It can help you find a whole range of problems. But if you leave this feature turned on in the live application, it will provide a wealth of information to those with bad intentions. You can add error_reporting(0); before all of the code in your application files. If something goes wrong that you really want to know about, the error should be written to a protected file. This can be done with the function set_error_handler.
During the development process, application error reporting is your
best friend. Error reports can help you find spelling mistakes in your
variables, detect incorrect function usage and much more. However, once
the site goes live the same reporting that was an ally during
development can turn traitor and tell your users much more about your
site than you may want them to know (the software you run, your folder
structure, etc.).
Once your site goes live, you should make sure to hide all error
reporting. This can be done by invoking the following simple function
at the top of your application file(s).
error_reporting(0);
If something does go wrong, you still want and need to know about
it. Therefore, you should always make sure to log your errors to a
protected file. This can be done with the PHP function set_error_handler.
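The two steps of this tip combined, as an added example that is not part of the original article: errors are hidden from visitors and written to a protected log file instead. The log path, the log_line() helper and the generic error message are assumptions made for illustration.

```php
<?php
// Added example for Tip 1. LOG_FILE is a hypothetical path: keep it outside
// the web root and writable only by the account PHP runs as.
const LOG_FILE = '/var/log/myapp/php_errors.log';

// Hide error details from visitors. display_errors is switched off as well,
// so nothing leaks if the reporting level is raised again later.
error_reporting(0);
ini_set('display_errors', '0');

// Hypothetical helper: append one line per event to the protected log.
function log_line(string $kind, string $msg, string $file, int $line): void
{
    // Strip CR/LF so request-influenced text cannot forge extra log entries.
    $msg = str_replace(["\r", "\n"], ' ', $msg);
    $entry = sprintf("[%s] %s: %s in %s:%d\n", date('c'), $kind, $msg, $file, $line);
    error_log($entry, 3, LOG_FILE); // message type 3 appends to the given file
}

// A handler registered with set_error_handler() is called regardless of the
// error_reporting() level, so warnings and notices are still recorded.
set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline): bool {
    log_line("PHP error $errno", $errstr, $errfile, $errline);
    return true; // handled: PHP's built-in handler is skipped
});

// Uncaught exceptions: log the details, show the visitor a generic message.
set_exception_handler(function (Throwable $e): void {
    log_line(get_class($e), $e->getMessage(), $e->getFile(), $e->getLine());
    http_response_code(500);
    echo 'An internal error occurred.';
});

// Fatal errors never reach set_error_handler(); record them at shutdown.
register_shutdown_function(function (): void {
    $e = error_get_last();
    $fatal = E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR;
    if ($e !== null && ($e['type'] & $fatal)) {
        log_line('Fatal', $e['message'], $e['file'], $e['line']);
    }
});
```

Include this file first in every entry script so the handlers are registered before any application code runs.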
Suggestion 2: Turn off bad functions of PHP