Security concepts
  • A PHP web application is most exposed at its entry points, where data arrives from outside the application.
  • User input arrives through form controls (and, more generally, through any request parameter: query string, POST body, cookies, headers).
  • All untrusted data entering the PHP application must be filtered before it is used.
  • In the filtering process we distinguish whitelist (allow list) and blacklist (deny list) approaches; a whitelist, which accepts only what is explicitly permitted, is the safer choice.
  • On input, the value of each control and the referrer must be checked. The referrer is supplied by the client and can be missing or forged, so it is only an additional sanity check, not proof of where the request came from.
  • On output, user-supplied content must be escaped before it is written into the page (HTML, attributes, JavaScript), otherwise it becomes script injection (XSS).
  • At the database layer, SQL queries must be protected: user data is bound as parameters of a prepared statement, never concatenated into the query string.
  • The register_globals setting automatically creates a PHP variable for every request parameter name, so an attacker can initialise variables the code never expected to be externally set.
  • To make the application more secure, register_globals must be disabled (it was deprecated in PHP 5.3 and removed in PHP 5.4).
  • When existing code is loaded dynamically (include/require with a name derived from input), the file name to include must be checked, preferably against a whitelist of permitted files.
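The three control points above (whitelisted include, output escaping, parameterised SQL) in one script, as an added example that is not part of the original notes. The pages/ directory, the users table and the SQLite database are assumed for the example; the injection payload is a constructed sample input.

```php
<?php
// Added example (not from the original notes): whitelist-based page inclusion,
// HTML output escaping and a parameterised SQL query in one request handler.
// The pages/ directory and the users table are hypothetical.
declare(strict_types=1);

// 1. Input: the file to include is chosen from a whitelist; the raw request
//    value is only used as a lookup key and never reaches include().
const ALLOWED_PAGES = [
    'home'    => 'pages/home.php',
    'about'   => 'pages/about.php',
    'contact' => 'pages/contact.php',
];

function resolvePage(string $requested): ?string
{
    // Unknown keys (including "../../etc/passwd") map to null.
    return ALLOWED_PAGES[$requested] ?? null;
}

// 2. Output: escape user-supplied content before writing it into HTML.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// 3. Database: bind the value as a parameter instead of building the SQL string.
function findUserByName(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- request handling with constructed data ---
$page = resolvePage($_GET['page'] ?? 'home');
if ($page === null) {
    http_response_code(404);
    exit('Unknown page');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO users (name) VALUES ('alice')");

// Constructed sample input: a classic injection payload. With a bound parameter
// it is compared as a literal string and matches no row.
$user = findUserByName($db, "' OR '1'='1");
var_dump($user); // NULL

// The same payload written to the page is rendered as text, not markup.
echo '<p>Hello, ' . e($_GET['name'] ?? "<script>alert(1)</script>") . '</p>';

if (is_file($page)) {
    include $page; // only ever one of the whitelisted files
}
```

The whitelist is a map from short keys to paths rather than a list of paths, so even a path that happens to be on the list cannot be supplied verbatim by the client.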
Validation and validation filters
  • Security is the most important feature of a web application.
  • Data validation can be done on the client side and on the server side of the application. Only server-side validation can be trusted, because the client is under the user's control and client-side checks can be skipped or altered.
  • If something is not visible on the rendered page, that does not mean it is hidden in the HTML source: hidden fields, disabled controls and commented-out markup are all readable and editable by the client.
  • The referrer is the URL of the page from which the client was directed to the current page by means of a link; the browser sends it in the Referer header, and it can be omitted or forged.
  • JavaScript is used for validation on the client, mainly for usability; it does not replace server-side checks.
  • PHP has built-in validation functions.
  • The built-in PHP validation function is filter_var(); it receives the variable to check and the filter to apply (for example FILTER_VALIDATE_EMAIL, FILTER_VALIDATE_INT, FILTER_VALIDATE_URL, FILTER_VALIDATE_REGEXP), optionally with options or flags, and returns the filtered value on success or false on failure.
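Server-side validation with filter_var() and an advisory referrer check, as an added example that is not part of the original notes. The form fields, the expected host name and the sample inputs are constructed for the example.

```php
<?php
// Added example (not from the original notes): server-side validation with
// filter_var() plus a same-host check of the referrer. Field names, host name
// and sample inputs are constructed.
declare(strict_types=1);

// Returns ['clean' => validated values, 'errors' => field => message].
function validateRegistration(array $input): array
{
    $clean = [];
    $errors = [];

    // filter_var() returns the filtered value on success and false on failure,
    // so compare with === false: an integer 0 is a valid result, not a failure.
    $email = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'invalid e-mail address';
    } else {
        $clean['email'] = $email;
    }

    $age = filter_var($input['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors['age'] = 'age must be a whole number between 13 and 120';
    } else {
        $clean['age'] = $age;
    }

    // Whitelist pattern: only explicitly allowed characters and lengths pass.
    $username = filter_var($input['username'] ?? '', FILTER_VALIDATE_REGEXP,
        ['options' => ['regexp' => '/^[a-z][a-z0-9_]{2,15}$/']]);
    if ($username === false) {
        $errors['username'] = 'username: 3 to 16 lowercase letters, digits or _';
    } else {
        $clean['username'] = $username;
    }

    // Optional field: skip when absent, but reject a malformed or non-http value.
    if (($input['website'] ?? '') !== '') {
        $site = filter_var($input['website'], FILTER_VALIDATE_URL);
        $scheme = $site === false ? null : parse_url($site, PHP_URL_SCHEME);
        if ($site === false || !in_array(strtolower((string) $scheme), ['http', 'https'], true)) {
            $errors['website'] = 'website must be an http(s) URL';
        } else {
            $clean['website'] = $site;
        }
    }

    return ['clean' => $clean, 'errors' => $errors];
}

// The referrer is client-supplied, so it can be missing or forged: a mismatch is a
// reason to reject the request, but a match is not proof of where it came from.
function referrerMatchesHost(?string $referer, string $expectedHost): bool
{
    if ($referer === null || $referer === '') {
        return false;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

// Constructed sample inputs.
$good = ['email' => 'alice@example.com', 'age' => '34', 'username' => 'alice_01'];
$bad  = ['email' => 'alice@', 'age' => '7', 'username' => 'Alice;--',
         'website' => 'javascript:alert(1)'];

print_r(validateRegistration($good)['errors']); // empty array
print_r(validateRegistration($bad)['errors']);  // one message each for email, age, username, website

var_dump(referrerMatchesHost('https://shop.example.com/cart', 'shop.example.com'));               // bool(true)
var_dump(referrerMatchesHost('https://evil.example.net/?r=shop.example.com', 'shop.example.com')); // bool(false)
var_dump(referrerMatchesHost($_SERVER['HTTP_REFERER'] ?? null, 'shop.example.com'));              // bool(false) on the CLI
```

Comparing the parsed host rather than doing a substring search on the whole Referer value is what defeats the second sample, where the expected host only appears in the query string of a foreign URL.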
Error handling
  • The most frequent cause of errors is access to external resources (files, the database, user input, streams), since these are outside the program's control.
  • Errors are prevented by logic in the code, and by handling the errors and exceptions that do occur.
  • An error can also be raised manually from code (trigger_error() for a PHP error, throw for an exception).
  • Three general types of errors are:
    • Syntax errors;
    • Runtime errors (occurring during code execution);
    • Logical errors.
  • You can write your own error handler that catches all errors or only those of certain types, and register it with set_error_handler() so that it replaces the built-in handler. Details of an error (paths, queries, stack traces) belong in the log, not in the page shown to the user.
  • You can throw your own exception during code execution.
  • You can create your own exception class that extends the built-in Exception class.
  • Exceptions are handled by placing the main code in a try block and the alternative (recovery) code in a catch block; a try block must be followed by at least one catch (or finally) block, and each catch block declares the exception type and the variable that receives the exception.
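The pieces listed in this section combined, as an added example that is not part of the original notes: a custom error handler registered with set_error_handler(), a custom exception class, a manually triggered error, and try/catch/finally around access to an external resource (a file). The configuration path and file format are hypothetical.

```php
<?php
// Added example (not from the original notes): custom error handler, custom
// exception class and try/catch/finally around a file read. The path and the
// key=value file format are hypothetical.
declare(strict_types=1);

// Custom exception class: extends Exception and carries the resource name.
class ResourceException extends Exception
{
    public function __construct(
        string $message,
        private string $resource,
        int $code = 0,
        ?Throwable $previous = null
    ) {
        parent::__construct($message, $code, $previous);
    }

    public function getResource(): string
    {
        return $this->resource;
    }
}

// Custom handler replacing the built-in one: every error that error_reporting()
// allows is converted into an ErrorException, so runtime errors become catchable.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false; // suppressed by @ or error_reporting(): let PHP handle it
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Reads "key=value" lines. fopen() on a missing or unreadable file emits an
// E_WARNING, which the handler above turns into an ErrorException.
function readConfig(string $path): array
{
    $handle = null;
    try {
        $handle = fopen($path, 'r');
        $data = [];
        while (($line = fgets($handle)) !== false) {
            if (trim($line) === '') {
                continue;
            }
            [$key, $value] = array_map('trim', explode('=', $line, 2) + [1 => '']);
            if ($key === '') {
                // Manually raised error; also routed through the custom handler.
                trigger_error("empty key in $path", E_USER_WARNING);
            }
            $data[$key] = $value;
        }
        return $data;
    } catch (ErrorException $e) {
        // Wrap the low-level error in a domain exception, keeping the original
        // as $previous so the log still has the full cause.
        throw new ResourceException('cannot read configuration', $path, 0, $e);
    } finally {
        // Runs whether the read succeeded or threw: release the resource.
        if (is_resource($handle)) {
            fclose($handle);
        }
    }
}

try {
    $config = readConfig('/etc/myapp/config.ini'); // hypothetical path
    print_r($config);
} catch (ResourceException $e) {
    // Log the details; show the user only a generic message with no paths or traces.
    error_log($e->getMessage() . ' [' . $e->getResource() . ']: '
        . ($e->getPrevious()?->getMessage() ?? 'no cause'));
    echo 'Configuration is unavailable, please try again later.', PHP_EOL;
}
```

Run from the command line without the file present, the warning from fopen() is caught and wrapped, the finally block skips the fclose() because no handle was opened, and only the generic message reaches standard output while the path and original warning go to the error log.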