
PHP Security Cheatsheet

Never concatenate or interpolate data into SQL. Use prepared statements with bound parameters instead, or an ORM that does so for you. Use UTF-8 consistently.

Authentication and Session Management

Bind the session to the client's IP address.

UTF-8 All the Way

Filter Vars

Security Basics

1. Validate (is_int() etc.) or cast to the expected type.
2. Check isset() before reading a key.
3. Strip tags from free-text input (strip_tags()).
4. htmlentities() converts special characters to HTML entities, so tag-like text can be stored and displayed without being rendered as markup.
5. Use preg_match() as a whitelist check (returns 1 on match, 0 on no match, false on error).
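The five steps above and the prepared-statement rule from the top of the sheet, worked through as one request handler. This is an added example, not code from the cheat sheet itself; the `$request` array is constructed to stand in for `$_POST`, and the in-memory SQLite database is an assumption so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed sample request, standing in for $_POST.
$request = ['id' => '42', 'user' => 'alice_01', 'comment' => '<b>hi</b> & "bye"'];

// Steps 1 and 2: check isset() first, then validate/cast with filter_var().
// FILTER_VALIDATE_INT rejects "42abc", "1e3" and anything below min_range.
function readId(array $in): ?int {
    if (!isset($in['id'])) { return null; }
    $id = filter_var($in['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Step 5: preg_match() as a whitelist; only letters, digits, underscore, 3-32 chars.
function readUser(array $in): ?string {
    if (!isset($in['user']) || !is_string($in['user'])) { return null; }
    return preg_match('/^[A-Za-z0-9_]{3,32}$/', $in['user']) === 1 ? $in['user'] : null;
}

// Step 3: strip tags from free text on the way in.
function readComment(array $in): ?string {
    if (!isset($in['comment']) || !is_string($in['comment'])) { return null; }
    return strip_tags($in['comment']);
}

// Step 4: encode on the way out; ENT_QUOTES covers attribute contexts, UTF-8 throughout.
function render(string $s): string {
    return htmlentities($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$id = readId($request); $user = readUser($request); $comment = readComment($request);
if ($id === null || $user === null || $comment === null) {
    http_response_code(400);
    exit('invalid input');
}

// Prepared statement: values are bound by name, never concatenated into the SQL text.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE comments (id INTEGER, user TEXT, body TEXT)');
$stmt = $pdo->prepare('INSERT INTO comments (id, user, body) VALUES (:id, :user, :body)');
$stmt->execute([':id' => $id, ':user' => $user, ':body' => $comment]);

$row = $pdo->query('SELECT user, body FROM comments')->fetch(PDO::FETCH_ASSOC);
header('Content-Type: text/html; charset=UTF-8');
echo '<p>' . render($row['user']) . ': ' . render($row['body']) . "</p>\n";
```

Validation rejects with a 400 before any database call, and the stored comment is encoded at render time rather than trusted because it was stripped on input.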