
I am working as a PHP software developer in Bangalore. I am new to the PHP language. I have some doubts. Please clarify them for me.

  1. In PHP, what are the things we want to concentrate on in web application development?

  2. What security issues are there?

  3. What is SQL injection? How to avoid it?

  4. What other possibilities of hacking are there in PHP?

  5. What are all the testing tools available in PHP?

  6. How to secure my application?

Edited by pritaeas: Fixed markdown.

Votes + Comments
Read the php sticky thread - this is totally inane
7 Contributors, 6 Replies, 39 Views, 3 Years Discussion Span, Last Post by rubberman

> PHP software developer in Bangalore. I am new to the PHP language.

Maybe you need to be at least moderately competent with a language before you become a software developer using it?

OWASP do a very good job at writing stuff about software security.


Use as the first line of every script
<?php die('security error'); ?>
Nothing will ever be attacked

THE ABOVE IS A JOKE ANSWER TO A RIDICULOUS QUESTION
Yet another "professional" completely ignorant of that which they claim as their profession.

Let us know what you are developing, so we can avoid considering using it.

Edited by almostbob

Votes + Comments
good answer. still laughing...

> I am working as a PHP software developer

But you say...

> I am new to the PHP language.

Seems to me that you're taking the piss and want to waste people's time trying to do your research for you. Stop being a lazy timewaster and do your own work.


The only question I will answer is #3. SQL injection is when someone alters an SQL query predicate to do something other than what the web site developers intended. How do you avoid it? You don't allow SQL queries or query predicates directly in HTTP GET/POST messages. You take the elements you want to fetch/change and pass them directly to a stored procedure in the database that can properly validate the information. It is never to be used to create an SQL string, even in the stored procedure. Rather, the data is used to bind to SQL variables which will not allow the attacker to override the intended behavior of the system.
