I am working as a PHP software developer in Bangalore. I am new to the PHP language. I have some doubts. Please clarify them for me.

  1. In PHP, what are the things we want to concentrate on for web application development?

  2. What security issues are there?

  3. What is SQL injection? How do we avoid it?

  4. What other possibilities for hacking are there in PHP?

  5. What testing tools are available for PHP?

  6. How do I secure my application?

diafol commented: Read the php sticky thread - this is totally inane -3

All 6 Replies

PHP software developer in Bangalore.I am new to the PHP language.

Maybe you need to be at least moderately competent with a language before you become a software developer using it?

OWASP do a very good job at writing stuff about software security.

Use as the first line of every script
<?php die('security error'); ?>
and nothing will ever be attacked.

THE ABOVE IS A JOKE ANSWER TO A RIDICULOUS QUESTION
Yet another "professional" completely ignorant of that which they claim as their profession.

let us know what you are developing, so we can avoid considering using it

commented: good answer. still laughing... +15

What testing tools are available for PHP?

There is the Wapiti vulnerability scanner, if you know the basics of the Python command-line interface.

This tool is the best you can get in open source.


I am working as a PHP software developer

But you say...

I am new to the PHP language.

Seems to me that you're taking the piss and want to waste people's time trying to do your research for you. Stop being a lazy timewaster and do your own work.

The only question I will answer is #3. SQL injection is when someone alters an SQL query predicate to do something other than what the web site developers intended. How do you avoid it? You don't allow SQL queries or query predicates directly in HTTP GET/POST messages. You take the elements you want to fetch/change and pass them directly to a stored procedure in the database that can properly validate the information. It is never to be used to create an SQL string, even in the stored procedure. Rather, the data is used to bind to SQL variables which will not allow the attacker to override the intended behavior of the system.
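To make the binding point in the reply above concrete, here is an added example (not code from the thread or from any of its posters) showing a query built by string concatenation next to the same query with the value bound to a placeholder. It uses PDO with an in-memory SQLite database so it runs stand-alone; the users table, its two rows and the hostile input are constructed for the example. SQLite has no stored procedures, so only the binding half of the advice is shown: the SQL text stays fixed and the request value is passed to the driver as data.

```php
<?php
// Added example, not from the original thread: vulnerable concatenation beside
// the parameterised form. Everything below (table, rows, input) is constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (username, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Vulnerable: the request value is spliced into the SQL text, so characters in the
// value can change the WHERE predicate itself instead of just the compared string.
function findUserVulnerable(PDO $pdo, string $username): array
{
    $sql = "SELECT id, username, role FROM users WHERE username = '$username'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text never changes; the value is bound to a named placeholder
// and the driver treats it purely as data, whatever characters it contains.
function findUserSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT id, username, role FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed hostile value, standing in for something like $_GET['user'].
$input = "x' OR '1'='1";

// Through concatenation the predicate becomes "username = 'x' OR '1'='1'",
// which is always true, so every user row is returned.
$rows = findUserVulnerable($pdo, $input);
printf("vulnerable path returned %d row(s)\n", count($rows));

// Through the prepared statement the database looks for a user whose name is
// literally the string "x' OR '1'='1", so no row matches.
$rows = findUserSafe($pdo, $input);
printf("safe path returned %d row(s)\n", count($rows));

// Ordinary input behaves the same on the safe path as on the vulnerable one.
$rows = findUserSafe($pdo, 'alice');
printf("safe path for 'alice': role=%s\n", $rows[0]['role']);
```

The difference to check for in a code review is whether any request value reaches the SQL string before prepare() is called; if it does, escaping after the fact is fragile, and the fix is to move the value into execute() or bindValue() as shown.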
