PHP security code

Posted by PHP HELP in Security | no responses

PHP security is something you have to take very serious because every site will suffer damages if a hacker finds vulnerabilities in the php code.
With the php secure code below you can protect your php project from SQL injections and XSS.

Basically, this function will clean your variable, starting with ereg_replace function which will replace ‘, “, < and > with empty space “”.



Then mysql_real_escape_string will prevent SQL injections. $db is the database connection and has to be set else you’ll get an error.

htmlentities will transform html tags into entities, something like: <b> tag will become & lt;b& gt;

PHP security function

  1. <?php
  2. function secure($var) {
  3.  $var = ereg_replace("[\'\")(;|`,<>]", "", $var);
  4.  $var = mysql_real_escape_string($var, $db);
  5.  $var = htmlentities($var,  ENT_QUOTES);
  6.  return $var;
  7. }
  8. ?>

How to use the php security function?
If you have a variable you must secure just call this function like this – secure($variable);

No related php tutorials.

bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark
tabs-top

Leave a Reply