Eight security-related PHP Functions

Eight security-related PHP Functions

Security issues are an important part of programming languages. In almost any practical language, some functions, modules, or other functions are provided to ensure security. In the modern Internet, we often need to obtain input data from users all over the world. However, we all know that "Never trust the data input by those users ". Therefore, various Web development languages provide functions to ensure the security of user input data. Today, let's take a look at the functions provided in PHP, the most famous open-source language.

 

In PHP, some very useful and convenient functions can help your website prevent problems such as SQL injection and XSS attacks. Let's take a look at the functions that can ensure project security in PHP. the functions listed below are only helpful to your project and may not be complete.

 

 

1. mysql_real_escape_string ()

 

This function is very helpful to prevent SQL injection attacks in PHP. It adds a backslash to special characters, such as single quotes and double quotation marks ", make sure that your input is safe before you use it for query. However, you must note that you use this function when connecting to the database.

 

But now the mysql_real_escape_string () function is basically no longer used. All new application development should use libraries such as PDO to operate the database. That is to say, we can use existing statements to prevent SQL injection attacks.

2. addslashes ()

 

This function is similar to mysql_real_escape_string. However, do not use this function when setting the value of magic_quotes_gpc in the php. ini file to "on. By default, magic_quotes_gpc is on, and addslashes () is automatically run for all GET, POST, and COOKIE data (). Do not use addslashes () for strings that have been escaped by magic_quotes_gpc, because this causes double-layer escape. You can use the get_magic_quotes_gpc () function in PHP to check the value of this variable.

 

3. htmlentities ()

 

This function is very useful for filtering user input data. It can convert characters into HTML entities. For example, when a user inputs the character "<", the function is converted to an HTML Entity <, thus preventing XSS and SQL injection attacks.

4. htmlspecialchars ()

 

Some Characters in HTML have special meanings. If such meanings are to be embodied, they must be converted to HTML entities. This function will return the converted string, for example, '&' is converted '&'.

5. strip_tags ()

 

This function can remove all HTML, JavaScript, and PHP tags in the string. Of course, you can also set the second parameter of this function to make some specific tags appear.

6. md5 ()

 

The passwords stored by some developers are very simple, which is not safe. The md5 () function can generate a 32-character md5 hash of the given string, and this process is irreversible, that is, you cannot obtain the original string from the md5 () result.

 

7. sha1 ()

 

This function is similar to the md5 () above, but it uses different algorithms, the SHA-1 hash is generated with 40 characters (md5 generates 32 characters ).

 

8. intval ()

 

 

Don't laugh. I know this is not a security-related function. It is converting a variable to an integer. However, you can use this function to make your PHP code safer, especially when you are parsing data such as id and age.

Original article: http://www.pixelstech.net/Article/1300722997-Useful-functions-to-provide-secure-PHP-application