PHP Manual
Copyright
PHP Manual
Getting Started
Installation and Configuration
Language Reference
Security
Features
Function Reference
FAQ
Appendices
expect://
Introduction
PHP Manual
PHP Manual
Security
Table of Contents
Introduction
General considerations
Installed as CGI binary
Possible attacks
Case 1: only public files served
Case 2: using cgi.force_redirect
Case 3: setting doc_root or user_dir
Case 4: PHP parser outside of web tree
Installed as an Apache module
Session Security
Filesystem Security
Null bytes related issues
Database Security
Designing Databases
Connecting to Database
Encrypted Storage Model
SQL Injection
Error Reporting
User Submitted Data
Hiding PHP
Keeping Current