8 Useful PHP Security functions, do you know a few? , Very useful php_php tutorials

Source: Internet
Author: User
Tags md5 hash

8 Useful PHP Security functions, do you know a few? , Very useful PHP



Original: Useful functions to provide secure PHP application

Useful PHP Security Functions

Translator: Dwqs

Security is a very important aspect of programming. In any programming language, a number of functions or modules are provided to ensure the security of the program. In modern web site applications, it is often to get input from users around the world, but we all know that "you can never trust data entered by those users." So in a variety of web development languages, there are functions that guarantee user input data security. Today, let's take a look at some of the useful security functions in the famous open source language PHP.

In PHP, some useful functions open source is very convenient to prevent your site from being subjected to various attacks, such as SQL injection attacks, XSS (cross site Scripting: Inter-site scripting) attacks and so on. Take a look at the commonly used functions in PHP that ensure project security. Note that this is not a complete list, it is something that I think has some functions for your I project.

1. Mysql_real_escape_string ()

This function is useful in PHP to prevent SQL injection attacks. This function adds a backslash to some special characters, such as single quotes, double quotes, backslashes, to ensure that the input provided by the user is clean before the data is queried. Note, however, that you are using this function in connection with the database.

However, it is deprecated to use mysql_real_escape_string (), and all new applications should perform database operations using libraries like PDO, which means we can use out-of-the-box statements to prevent SQL injection attacks.

2. Addslashes ()

The principle of this function is similar to mysql_real_escape_string (). However, do not use this function when the value of "MAGIC_QUOTES_GPC" is "on" in the php.ini file. The default value for MAGIC_QUOTES_GPC is on, which automatically runs Addslashes () for all GET, POST, and COOKIE data. Do not use Addslashes () for strings that have been MAGIC_QUOTES_GPC escaped, because this results in double-layer escaping. You can use the GET_MAGIC_QUOTES_GPC () function to determine if it is turned on.

3. Htmlentities ()

This function is useful for filtering data entered by the user. It converts some special characters into HTML entities. For example, user <> input <(<),输入>is converted to entity;. ( HTML entity table: http://www.w3school.com.cn/html/html_entities.asp) to prevent XSS and SQL injection attacks. <(<),输入>

4. Htmlspecialchars ()

In HTML, some specific characters have special meanings, and if you want to preserve the original meaning of the character, you should convert it to an HTML entity. This function returns the converted string, for example ' & ' (ampersand) to ' &amp ' (PS: Refer to the Entity reference table in the 3rd link)

PS: Here is the original error (see comment), here very thank Jin Yu proposed. is now corrected, plus the usual conversion characters for this function are attached:

The translations performed is:

    • ' & ' (ampersand) becomes ' & '
    • ' ' ' (double quote) becomes ' " ENT_NOQUOTES when was not set.
    • "'" (single quote) becomes "(or ') ENT_QUOTES If only then is set.
    • ' < ' (less than) becomes ' < '
    • ' > ' (greater than) becomes ' > '

5. Strip_tags ()

This function can remove all html,javascript and PHP tags from the string, but you can also make certain tags appear by setting the second parameter of the function.

6. MD5 ()

From a security standpoint, it's not recommended for some developers to store simple passwords in a database. The MD5 () function can produce a 32-character MD5 hash of a given string, and the process is irreversible, i.e. you cannot get the original string from the result of MD5 ().

Now this function is not considered safe because the open source database can reverse-check the plaintext of a hash value. Here you can find a list of MD5 hash databases

7. SHA1 ()

This function is similar to MD5 (), but it uses a different algorithm to produce a 40-character SHA-1 hash (MD5 produces a 32-character hash). Also do not put the absolute security on this function, otherwise there will be unexpected results.

8. Intval ()

Don't laugh, I know this function has nothing to do with security. The Intval () function converts a variable into an integer type, which you can use to make your PHP code more secure, especially if you are parsing data such as ID and age.

Next: Pure CSS make bubble prompt box

http://www.bkjia.com/PHPjc/912243.html www.bkjia.com true http://www.bkjia.com/PHPjc/912243.html techarticle 8 Useful PHP security functions, do you know a few? , Very useful PHP original: Useful functions to provide secure PHP application translation: Useful PHP security Functions Translator: DWQS Security ...

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.