Comments on: Top 7 PHP Security Blunders http://blog.tuvinh.com/top-7-php-security-blunders/ Web Design & Development, Software Development, Graphic Design Tue, 09 Mar 2010 05:37:51 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Paolo http://blog.tuvinh.com/top-7-php-security-blunders/comment-page-1/#comment-1194 Paolo Tue, 03 Nov 2009 11:41:49 +0000 http://blog.tuvinh.com/?p=1457#comment-1194 Are all these things addressed by Framworks? Are all these things addressed by Framworks?

]]> By: Andrew Ferk http://blog.tuvinh.com/top-7-php-security-blunders/comment-page-1/#comment-1184 Andrew Ferk Thu, 29 Oct 2009 14:23:04 +0000 http://blog.tuvinh.com/?p=1457#comment-1184 Hey what's up huongnt2, my buddy! I have a couple comments if you don't mind. SHA256 ------ sha256 is generally available with PHP 4/5. Depending on what's available you can use the mhash or hash fucntion. For example in PHP 4 here is how I do sha256: function sha256($string) { return bin2hex(mhash(MHASH_SHA256,$string)); } Also, if you need to store a password in the session... YOU DON'T, please pick up a new hobby and stop attempting to be a 'programmer'!!! SQL INJECTION ------------- And for SQL injection vulnerabilities, you can actually use the function mysql_real_escape_string... or if you are using a new version of PHP, there are actually classes with built-in escaping... who knew! SAFE MODE --------- Don't use it! Why? Read the manual: "Safe Mode is deprecated in PHP 5.3.0 and is removed in PHP 6.0.0." Get a virtual server for your hosting account and you won't have to worry about it. A lot of the stuff in this post is generally useful, but if people are just learning this... they are a decade behind :( Hey what’s up huongnt2, my buddy! I have a couple comments if you don’t mind.

SHA256
——
sha256 is generally available with PHP 4/5. Depending on what’s available you can use the mhash or hash fucntion. For example in PHP 4 here is how I do sha256:

function sha256($string)
{
return bin2hex(mhash(MHASH_SHA256,$string));
}

Also, if you need to store a password in the session… YOU DON’T, please pick up a new hobby and stop attempting to be a ‘programmer’!!!

SQL INJECTION
————-
And for SQL injection vulnerabilities, you can actually use the function mysql_real_escape_string… or if you are using a new version of PHP, there are actually classes with built-in escaping… who knew!

SAFE MODE
———
Don’t use it! Why? Read the manual: “Safe Mode is deprecated in PHP 5.3.0 and is removed in PHP 6.0.0.” Get a virtual server for your hosting account and you won’t have to worry about it.

A lot of the stuff in this post is generally useful, but if people are just learning this… they are a decade behind :(

]]> By: Canyon http://blog.tuvinh.com/top-7-php-security-blunders/comment-page-1/#comment-1183 Canyon Thu, 29 Oct 2009 13:30:54 +0000 http://blog.tuvinh.com/?p=1457#comment-1183 I think there is a misqtake here : if (get_magic_quotes_gpc()).. instead of if (!get_magic_quotes_gpc()) Cordially I think there is a misqtake here : if (get_magic_quotes_gpc()).. instead of if (!get_magic_quotes_gpc())
Cordially

]]> By: z.Yleo77 http://blog.tuvinh.com/top-7-php-security-blunders/comment-page-1/#comment-1182 z.Yleo77 Thu, 29 Oct 2009 12:39:14 +0000 http://blog.tuvinh.com/?p=1457#comment-1182 a good article which is very useful for me... a good article which is very useful for me...

]]> By: uberVU - social comments http://blog.tuvinh.com/top-7-php-security-blunders/comment-page-1/#comment-1178 uberVU - social comments Tue, 27 Oct 2009 19:09:31 +0000 http://blog.tuvinh.com/?p=1457#comment-1178 <strong>Social comments and analytics for this post...</strong> This post was mentioned on Twitter by yousukezan: RT @tweetmeme Top 7 PHP Security Blunders | TuVinhSoft .,JSC http://bit.ly/3wkQzZ... Social comments and analytics for this post…

This post was mentioned on Twitter by yousukezan: RT @tweetmeme Top 7 PHP Security Blunders | TuVinhSoft .,JSC http://bit.ly/3wkQzZ...

]]>