« expect://
Introduction »
PHP Manual
Security
Security
Introduction
General considerations
Installed as CGI binary
Possible attacks
Case 1: only public files served
Case 2: using cgi.force_redirect
Case 3: setting doc_root or user_dir
Case 4: PHP parser outside of web tree
Installed as an Apache module
Session Security
Filesystem Security
Null bytes related issues
Database Security
Designing Databases
Connecting to Database
Encrypted Storage Model
SQL Injection
Error Reporting
Using Register Globals
User Submitted Data
Magic Quotes
What are Magic Quotes
Why did we use Magic Quotes
Why not to use Magic Quotes
Disabling Magic Quotes
Hiding PHP
Keeping Current