Home >>Advance PHP Tutorial >PHP Security

PHP Security

PHP Security Function: strip_tags, filter_var, Md5 and sha1

Potential security threats

Your System is attacked by basically two groups of people:

  • Users –The users enter wrong parameters which put a negative effect on a web application or website.
  • Hackers -Hackers intentionally disrupt the application and intentionally gain access to unauthorized data

These are the following kinds of attack:

Cross-site scripting – This kind of attack inserts a harmful code usually in JavaScript. This can be done by using user input forms like comments forms and contact us.

  1. It can be used to collect retrieve sensitive information such as cookies data.
  2. It can be used to redirect the user to another website or a different URL.
  3. Other threats – Shell Injection, PHP code injection, Email Injection.

SQL Injection – This Kind of attack adds harmful code to SQL statements. This can be executed either from user input forms or URLs that use variables.

The code is being added code comments the condition in the WHERE clause of an SQL statement.

  1. Insert- It inserts that type of a condition that will always be true.
  2. Delete –It deletes data from a table.
  3. Update –It Update data in a table.
  4. This Kind of attack is usually used to gain unauthorized access to an application.

PHP Application Security Tips:

Now let's look at some of the PHP Security Tips that we must to know consider when developing our applications:

PHP strip_tags

This strip_tags functions removes JavaScript, HTML or PHP tags from a string.

This function is useful to protect our applications from attacks such as cross site scripting.

Let’s take an example of an application that accepts comments from users.

<?php
$user_input = "phptpoint is Awesome";
echo "<h4>This is my Commenting System</h4>";
echo $user_input;
?>

Assuming you have saved comments.php "if you use XAMPP" you can do that in you htdocs folder

normal_comment

Let's assume you receive the following as the user input <script>alert('welcome to phptpoint!');</script>

<?php
$user_input = "<script>alert('welcome to phptpoint!');</script>";
echo "<h4>This is my  Commenting System</h4>";
echo $user_input;
?>

Browse to the URL http://localhost/demo/comments.php

normal_comment

Let's now secure our application from such attacks using strip_tags function.

<?php
      $user_input = "<script>alert('hello phptpoint!');</script>";
     echo strip_tags($user_input);
     ?>

Browse to the URL http://localhost/demo/comments.php

normal_comment

PHP filter_var function

The filter_var function is used to for data validation and sanitization.

If the data is of the right type then you can check the validation and you will get the false result while checking numeric validation on a string.

For complete reference check this link filter_var.

Sanitization helps to remove illegal characters from a string.

It uses the filter_var function and FILTER_SANITIZE_STRIPPED constant to strip tags or encode unwanted characters. This filter helps to removes data that can be potentially harmful for your application.

Let's take an example:

<?php
$user_input = "<script>alert('Your site sucks!');</script>";
echo filter_var($user_input, FILTER_SANITIZE_STRIPPED);
?>

Mysql_real_escape_string function - This function protect an application against SQL injection and used to create a legal SQL string.

Let's take an example that we have the SQL statement for validating the user id and password.

<?php
SELECT userid,pswd,role FROM users WHERE userid = 'admin' AND password = 'pass';
?>
A vicious user can enter the following code in the user login box.‘OR’ 1 = 1- And abcd in the password text box , below is the authentication code module.
<?php
$userid = "' OR 1 = 1 -- ";
$pswd = "abcd";
$sql = "SELECT userid,pswd,role FROM users WHERE userid = '$userid' AND password = '$pswd';";
echo $sql;
?>
Output:
SELECT userid,pswd,role FROM users WHERE userid = '' OR 1 = 1 -- ' AND password = abcd;

HERE,

  1. "SELECT * FROM users WHERE user_id = ''" tests for an empty user id".
  2. "OR 1 = 1 " is a condition that will always be true.
  3. "--" comments that part that tests for the password.

Let's now use mysql_real_escape_string function to secure login module.

<?php
$userid = mysql_real_escape_string("' OR 1 = 1 -- ");
$pswd = mysql_real_escape_string("abcd");
$sql = "SELECT userid,pswd,role FROM users WHERE userid = '$userid' AND password = '$pswd';";
echo $sql;
?>
Output:
SELECT userid,pswd,role FROM users WHERE userid = '\' OR 1 = 1 -- ' AND password = abcd;

PHP Md5 and PHP sha1.

Sha1 is the acronym for secure Hash Algorithm 1 and Md5 is the acronym for Message Digest 5.

Both the acronym are used to encrypt strings.

When in case a string has been encrypted, it is tedious to decrypt it.

When storing in passwords in the database Md5 and sha1 are very useful.

The code below shows the implementation of md5 and sha1

<?php
echo "MD5 Hash: " . md5("password");
echo "SHA1 Hash: " . sha1("password");
?>

Assuming you have saved the file hashes.php in in your folder, browse to the URL

normal_comment


Popular Tutorials