13. Security in PHP

Featured

📲 Download Utility Tools Apps

EMI Calculator

Download EMI Calculator

SOA Games

Download SOA Games

SOA Technology App

Download SOA Technology

BMI Checker

Download BMI Checker

Task Jira

Download Task Jira

Laughing Adda

Download Laughing Adda

📅 हिंदी कैलेंडर ऐप डाउनलोड करें

Download Shubhcalendar App

13. Security in PHP

April 1, 2026 in Php

Security is critical in web development. A single mistake can expose your database, users, and server.

🛑 1. SQL Injection Prevention

❌ Problem:

User input directly added to SQL query:

$username = $_GET['username'];
$query = "SELECT * FROM users WHERE username = '$username'";

👉 Attacker can input:

' OR 1=1 --

✅ Solution: Use Prepared Statements

Using PDO:

$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
$stmt->execute([$username]);

Using MySQLi:

$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();

✔ Prevents SQL injection completely

⚠️ 2. XSS (Cross-Site Scripting) Protection

❌ Problem:

Displaying user input directly:

echo $_GET['name'];

👉 Attacker injects:

<script>alert('Hacked')</script>

✅ Solution: Escape Output

echo htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8');

✔ Converts <script> → safe text
✔ Prevents JavaScript execution

🔁 3. CSRF Protection (Cross-Site Request Forgery)

❌ Problem:

User performs actions without verification

✅ Solution: Use CSRF Token

Step 1: Generate token

session_start();
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));

Step 2: Add in form

<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">

Step 3: Validate

if ($_POST['csrf_token'] !== $_SESSION['csrf_token']) {
    die("Invalid CSRF token");
}

✔ Ensures request is from real user

🔑 4. Password Hashing

❌ Never do this:

$password = md5($password);

✅ Correct Method:

$hash = password_hash($password, PASSWORD_DEFAULT);

Verify password:

if (password_verify($password, $hash)) {
    echo "Login successful";
}

✔ Uses strong encryption (bcrypt/argon)
✔ Automatically handles salting

🧼 5. Data Sanitization

Purpose:

Clean user input before processing

Methods:

Trim spaces:

$name = trim($_POST['name']);

Remove unwanted characters:

$name = filter_var($name, FILTER_SANITIZE_STRING);

Validate email:

$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);

🚀 Bonus: Best Practices

✔ Always validate input (server-side)
✔ Use HTTPS
✔ Disable error display in production

ini_set('display_errors', 0);

✔ Use secure session:

session_regenerate_id(true);

✔ Set proper headers:

header("X-XSS-Protection: 1; mode=block");
header("X-Frame-Options: SAMEORIGIN");

📌 Summary Table

ThreatSolution
SQL InjectionPrepared Statements
XSShtmlspecialchars()
CSRFToken validation
Password Leakpassword_hash()
Dirty Inputfilter_var()
🇮🇳 Amazon India 🌍 Amazon Global

aditya singh

AI Spiritual Tools & Interactive Experiences

Explore powerful AI-driven tools for daily guidance, spirituality, fun quizzes, and self-discovery.

Today’s Quote

Get inspiring daily quotes powered by AI to motivate and guide your day.

Explore Now

AI Tarot Card Reader

Reveal insights about your future, love, and career with AI tarot readings.

Read Tarot

Love Match Calculator

Check compatibility and love predictions using AI-based analysis.

Check Match

Fortune Cookie

Open an AI fortune cookie and receive wisdom, luck, and fun messages.

Open Cookie

Quiz Categories

Engage with knowledge-based and fun quizzes across multiple categories.

Start Quiz

Panchang Calendar

View daily Panchang, auspicious timings, tithi, nakshatra, and festivals.

View Panchang

Online Numerology

Discover your destiny number, life path, and numerology predictions.

Calculate Now

Spiritual Feeds

Stay connected with spiritual thoughts, mantras, and divine content.

View Feeds

Quiz Hub

Attempt trending quizzes on GK, spirituality, festivals, and more.

Explore Quizzes