What Is It With Php And Security?

sometime back, when i was learning html, one of my friends suggested that i skip to learning php and start coding in php directly. however i continued to learn html and then proceeded to looking into the basics of php. along the way i've seen many people warning beginners about using php codes directly online, without testing them for security. for html there was no danger of security because its all static. but php brings in dynamic programming and i kept seeing people telling each other to be careful about what to keep in the site because online hackers will be looking for amateurish websites and break into them easily.all this made me wonder, what is it with php and security?! is it dangerous to code in php online directly? should all the aspects of php be learnt before i start using php pages in my website? i am doubtful about all this and am looking for some answers. anyone who has some experience with php please answer this so that i can start using basic php pages in my website. thanks a lot for your time.

That is true. But that applies not only to PHP but other sites as well. You'll find SQL injection can be a security irrespective of the framework used, be it asp or php. So security is not just issue with php but with other languages as well. It's just that you're exposed to php world and that made you think like this. So my point is keeping in mind coding and database security, you can continue to code. There are some issue like this with every language that is used online. Be it ruby on rails, php or python.

And, of course, it depends strongly from what your program php really does.The program that simply says "hello, world!" has no hole security, and it cannot be used for any purpose other than saying "hello, world!"

I am by no means proficient in php and know only basic html, but when trying to create a website for a friend I came across a really useful article talking about the ten most common php vulnerabilities. The article would be quite old now, so I'm not sure how useful it will be, but it should provide insight at any rate.

CLICK HERE to view.

From what I gathered, it's not dangerous to use php as long as it is coded correctly. Not being good with php, I personally would either avoid using it until I learned more or use a graphical/WYSIWYG (what-you-see-is-what-you-get) program like adobe dreamweaver that will input the code blocks for you. Again, I haven't really used these programs so I am a little out of my league. My apologies if I'm incorrect or not making sense.

Hope this helps

Usually the security of your script depends on the programmer himself, Today when using frameworks, main security holes are usually removed, but still there are possibilities to leave security holes..Also, if you're website is small and has nothing special, it's a small chance that somebody will be interested in it, unless you have some pissed of friends who are mad on you? :)Also, sometimes security depends not on PHP, but on the server itself and the configuration.. Apache stuff and etc.

thank you for your replies everyone. i think i will practise more using xampp and once i am sure about my skills i think then only i will put up my site online. of course there's no real danger because its not any special site but still its best to be secure no matter what.

Also, if you're website is small and has nothing special, it's a small chance that somebody will be interested in it, unless you have some pissed of friends who are mad on you? biggrin.gif

that's right - my website is nothing special but i think some amateur hackers look for personal sites like these to try out their skills before going for the bigger sites so its better to be safe and protect my tiny site, even if no one else is going to visit it!

I am by no means proficient in php and know only basic html, but when trying to create a website for a friend I came across a really useful article talking about the ten most common php vulnerabilities. The article would be quite old now, so I'm not sure how useful it will be, but it should provide insight at any rate.

thanks for the article - i like reading top ten lists!