To understand PHP security better let us first understand what is PHP and Security
Security is a process, not a product, and adopting a sound approach to security during the process of application development will allow you to produce tighter, more robust code.
(PHP Hypertext Preprocessor) A scripting language used to create dynamic Web pages. With syntax from C, Java and Perl, PHP code is embedded within HTML pages for server side execution. It is commonly used to extract data out of a database and present it on the Web page
PHP is a powerful scripting language for building web applications, and also one of the easiest ways for hackers to gain access to your web server. Developers need to understand how their scripts can be exploited in order to protect them.
PHP is widely used in many high-end applications that maybe a Web Based (Internet) or and Intranet Applications. We can say that from the total PHP in Web Based (Internet) Applications : 80% and Intranet Applications:20%.
As IBM as suggested few basic principles that we could follow to make our website secure and guard our application from any vulnerabilities:
- Validate input
- Guard your file system
- Guard your database
- Guard your session data
- Guard against Cross-Site Scripting (XSS) vulnerabilities
- Verify form posts
- Protect against Cross-Site Request Forgeries (CSRF)