Okay, today should be the last day of Security topics (finally). The first one we’re going to cover is:
SQL Injection – everyone talks about it, but most people fail to protect against it. This, just like most other security concerns with PHP, is INCREDIBLY easy to protect against! To explain how to protect against SQL Injection, it’s best if I show you how to perform an attack first. Let us suppose your login page POSTs to a file called login.php where this code resides:
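The following is an added example, not the post's own login.php: it puts the vulnerable pattern (user input concatenated into the SQL text) beside the prepared-statement version that fixes it. It assumes the pdo_sqlite extension, an in-memory database, and a made-up `users` table with `username` and `password_hash` columns; the sample user is constructed for the demonstration.

```php
<?php
// Added example (not the post's own login.php). Uses an in-memory SQLite
// database via PDO so it runs stand-alone; table and column names are assumed.
declare(strict_types=1);

function makeDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    // Constructed sample account; the password is hashed, never stored in clear.
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// VULNERABLE: the username is spliced into the SQL string, so whatever the
// user typed becomes part of the query's structure instead of staying data.
function loginVulnerable(PDO $pdo, string $username, string $password): bool {
    $sql = "SELECT password_hash FROM users WHERE username = '" . $username . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($password, $row['password_hash']);
}

// SAFE: a prepared statement hands the SQL and the values to the driver
// separately; the username is never re-parsed as SQL, whatever it contains.
function loginSafe(PDO $pdo, string $username, string $password): bool {
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($password, $row['password_hash']);
}

$pdo  = makeDb();
$user = "o'brien";   // a perfectly legitimate name that happens to contain a quote

try {
    var_dump(loginVulnerable($pdo, $user, 'correct horse'));
} catch (PDOException $e) {
    // The apostrophe closed the string literal early and the rest of the name
    // was parsed as SQL. Input changing the query text is exactly the defect
    // that SQL injection exploits, even when the input is not hostile.
    echo 'vulnerable query broke: ' . $e->getMessage() . PHP_EOL;
}

var_dump(loginSafe($pdo, $user, 'correct horse'));
var_dump(loginSafe($pdo, $user, 'wrong password'));
```

Run it with `php login_example.php`. The vulnerable function fails on an ordinary apostrophe, which is the tell that input has reached the SQL parser; the prepared statement returns true for the right password and false for the wrong one, and it behaves the same for any string the user supplies because the value travels as a bound parameter rather than as query text.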
Yesterday I explained the basic #1 rule of security when building a website – "Never Trust the User." Today I’m going to show you why and how a malicious user can attack your website.
Okay, so before I start this next chapter, I have something very important to say. There are a large number of people out there who believe that PHP is a terrible language. Their claims are based on the fact that 90% of applications built with PHP are of poor quality, don’t perform well, or are extremely vulnerable to attack. This is, in no way, a fault of the language. In fact, it’s the crappy developers that are to blame. While .NET languages do everything for you (drag a button, double click, change text), PHP developers have to do everything from scratch (write HTML code for the button, intercept GET/POST data, display the response). This leaves a HUGE amount of room for error, poor design, and, of course, stupid mistakes.
Anyway, PHP is an awesome language, you just have to suck less when writing in it. Now back to the chapter (Security and you!).
I can’t believe I’m spending so much time on this XML subject (granted it’s my weakest area as I haven’t had a chance to use it yet). I think tomorrow I’ll implement the XML manipulation of iTunes AppStore data (that will make a LOT of people happy).