8 Security-related PHP functions

Source: Internet
Author: User
Tags md5 hash
Security issues are an important part of programming language, with functions, modules, or other functions that ensure security in almost any real language. In the modern Internet, we often have to get input data from users around the world. However, we all know that "you can never trust data entered by those users." So in a variety of web development languages, there are functions that guarantee user input data security. Today, let's take a look at the functions provided in PHP as the most famous open source language.

In PHP, there are some useful and handy functions that can help your site prevent problems like SQL injection attacks, XSS attacks, and so on. Let's look at these functions in PHP that guarantee project security, and the functions listed below are just some of the things I find useful for your project and may not be complete.

1. Mysql_real_escape_string ()

This function is useful for preventing SQL injection attacks in PHP, with special characters, such as single quotes and double quotes, plus a "backslash" to ensure that the user's input is safe before it is queried. But you should be aware that you are using this function in connection with the database.

But now mysql_real_escape_string () This function is basically no, all new application development should use a library like PDO to operate the database, that is, we can use ready-made statements to prevent SQL injection attacks.


2. Addslashes ()

This function is similar to the above mysql_real_escape_string (). Note, however, that this function is not used when setting the value of MAGIC_QUOTES_GPC in file php.ini to "on". By default, MAGIC_QUOTES_GPC is on and automatically runs Addslashes () for all GET, POST, and COOKIE data. Do not use Addslashes () for strings that have been MAGIC_QUOTES_GPC escaped, because this results in double-layer escaping. You can check the value of this variable by using the GET_MAGIC_QUOTES_GPC () function in PHP.


3. Htmlentities ()

This function is useful for filtering user input data, and it can convert characters to HTML entities. For example, when the user enters the character "<", the function is converted into HTML entity <, thus preventing XSS and SQL injection attacks.


4. Htmlspecialchars ()

Some characters in HTML have special meanings, and if they are to be translated into HTML entities, the function returns the converted string, for example, ' & ' amp will be ' & '.


5. Strip_tags ()

This function can remove all html,javascript and PHP tags from the string, but you can also make certain tags appear by setting the second parameter of the function.


6. MD5 ()

Some developers store passwords very simply, which is not good from a security standpoint, and the MD5 () function can produce a 32-character MD5 hash of a given string, and the process is irreversible, i.e. you cannot get the original string from the result of MD5 ().

7. SHA1 ()

This function is similar to MD5 () above, but it uses a different algorithm, resulting in a 40-character SHA-1 hash (MD5 produces a 32-character hash).


8. Intval ()

Don't laugh, I know this is not a security-related function, it is a variable that is converted to an integer type. However, you can use this function to make your PHP code more secure, especially if you are parsing data such as ID and age.

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.