Comments on: Writing Secure PHP Scripts – Part 1 http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/ WordPress Plugins, PHP Scripts, Tools, and Tutorials Tue, 16 Mar 2010 11:09:16 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Karolis http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/comment-page-1/#comment-134840 Karolis Tue, 08 Jan 2008 18:26:45 +0000 http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/#comment-134840 Hello there, great article. i have been using a slightly different approach. <code> ## # Get rid of magic quotes in .htaccess #php_flag magic_quotes_gpc off ## $cleanPost=array(); foreach($_POST as $key=>$value){ $cleanPost[$key]=mysql_real_escape_string(htmlentities($value,ENT_QUOTES)); } </code> I combined htmlentities() and mysql_real_escape_string() for the sake of keeping it short. Now, whenever i need a user submitted value from $_POST, i reference $cleanPost instead. I'd like to hear your opinion on this method. Thanks Hello there, great article.
i have been using a slightly different approach.

##
# Get rid of magic quotes in .htaccess
#php_flag magic_quotes_gpc off
##

$cleanPost=array();

foreach($_POST as $key=>$value){
 $cleanPost[$key]=mysql_real_escape_string(htmlentities($value,ENT_QUOTES));
}

I combined htmlentities() and mysql_real_escape_string() for the sake of keeping it short.
Now, whenever i need a user submitted value from $_POST,
i reference $cleanPost instead.

I’d like to hear your opinion on this method.
Thanks

]]> By: Ryan http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/comment-page-1/#comment-96431 Ryan Sun, 04 Nov 2007 15:15:54 +0000 http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/#comment-96431 Thanks for this! I was gonna release a login form + some other scripts without any security knowledge..saved this in a category called very imp on my bookmarks :) Thanks again Thanks for this! I was gonna release a login form + some other scripts without any security knowledge..saved this in a category called very imp on my bookmarks :)

Thanks again

]]> By: Igor http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/comment-page-1/#comment-81628 Igor Fri, 14 Sep 2007 21:26:55 +0000 http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/#comment-81628 This is not only good stuff, it is _exceptionally_ well written -- an all-too-rare combination. Thanks. This is not only good stuff, it is _exceptionally_ well written — an all-too-rare combination. Thanks.

]]> By: Frank http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/comment-page-1/#comment-77800 Frank Thu, 30 Aug 2007 18:57:06 +0000 http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/#comment-77800 So, part one from 2005. When and where is part 2 :-) So, part one from 2005. When and where is part 2 :-)

]]> By: Admin http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/comment-page-1/#comment-55868 Admin Thu, 21 Jun 2007 00:50:31 +0000 http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/#comment-55868 <b>vanj</b>: There is no information here about encrypting email messages, so I am not sure what you mean. vanj: There is no information here about encrypting email messages, so I am not sure what you mean.

]]> By: vanj http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/comment-page-1/#comment-55602 vanj Wed, 20 Jun 2007 09:11:33 +0000 http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/#comment-55602 Great articles and work! I just have a question: After sending the encripted email, will the receiver viewing the email be able to read the message using an any POP mail software like outlook or entourage? Thanks! Great articles and work!
I just have a question:

After sending the encripted email, will the receiver viewing the email be able to read the message using an any POP mail software like outlook or entourage?

Thanks!

]]> By: Frank http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/comment-page-1/#comment-46078 Frank Sat, 19 May 2007 05:11:55 +0000 http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/#comment-46078 Very helpful. I never came by the mailer issue until now. I am really glad I did! -Frank Very helpful. I never came by the mailer issue until now. I am really glad I did!

-Frank

]]> By: jeff http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/comment-page-1/#comment-41039 jeff Wed, 18 Apr 2007 18:54:29 +0000 http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/#comment-41039 Very helpful information! I like the way you kept it focused, direct, and very practical. Many thanks!! Very helpful information! I like the way you kept it focused, direct, and very practical. Many thanks!!

]]> By: Abbe http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/comment-page-1/#comment-40712 Abbe Mon, 16 Apr 2007 20:58:52 +0000 http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/#comment-40712 I enjoyed reading this useful, easy to read and understand, article and am looking forward to read next parts soon. Thanks. I enjoyed reading this useful, easy to read and understand, article and am looking forward to read next parts soon.
Thanks.

]]> By: anna http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/comment-page-1/#comment-38322 anna Thu, 05 Apr 2007 09:08:33 +0000 http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/#comment-38322 Can I write from PHP to an html form(a text area) Can I write from PHP to an html form(a text area)

]]> By: Peter http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/comment-page-1/#comment-18634 Peter Thu, 21 Dec 2006 21:33:20 +0000 http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/#comment-18634 Thanks for the tutorial. I wasn't aware of the special mysql_real_escape_string function. I will have go go through and make sure that I am securing my user input. Thanks for the tutorial. I wasn’t aware of the special mysql_real_escape_string function. I will have go go through and make sure that I am securing my user input.

]]> By: Matt http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/comment-page-1/#comment-3931 Matt Mon, 28 Aug 2006 17:08:06 +0000 http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/#comment-3931 Thx. Was about to publish something with almost no user input secruity. Thx. Was about to publish something with almost no user input secruity.

]]> By: Admin http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/comment-page-1/#comment-373 Admin Wed, 08 Mar 2006 20:56:50 +0000 http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/#comment-373 vipin: It is always a good idea. Never trust user input! :) vipin: It is always a good idea. Never trust user input! :)

]]> By: vipin http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/comment-page-1/#comment-371 vipin Wed, 08 Mar 2006 06:48:06 +0000 http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/#comment-371 Is it must to validate all field seperately before sending mails in secure php mail scriptiing? Is it must to validate all field seperately before sending mails in secure php mail scriptiing?

]]> By: Admin http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/comment-page-1/#comment-285 Admin Sun, 19 Feb 2006 23:28:58 +0000 http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/#comment-285 There may be, but I am not aware of any. There may be, but I am not aware of any.

]]> By: Gee http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/comment-page-1/#comment-284 Gee Sun, 19 Feb 2006 17:50:09 +0000 http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/#comment-284 Is there any software which can check security holes in .php files? Is there any software which can check security holes in .php files?

]]>