PHP Security Cheatsheet
- Use PDO
- CSRF
Database
Never concatenate or interpolate data into SQL. Use prepared statements instead, or an ORM that issues them for you. Use UTF-8 consistently.
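Added example, not from the cheatsheet: the concatenation pattern the line above forbids, beside its PDO prepared-statement replacement, with the connection charset set to UTF-8. The DSN, credentials, table and column names are placeholders.

```php
<?php
// Added example (not from the cheatsheet). DSN and credentials are placeholders.
declare(strict_types=1);

// charset=utf8mb4 in the DSN keeps connection, escaping and stored data in one
// encoding, which is the practical meaning of "use UTF-8" for the database layer.
$dsn = 'mysql:host=localhost;dbname=app;charset=utf8mb4'; // placeholder DSN
$pdo = new PDO($dsn, 'app_user', 'app_password', [        // placeholder credentials
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // throw instead of failing silently
    PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side prepares
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// VULNERABLE: user-controlled data concatenated into the SQL text, so the
// value can change the structure of the query rather than just its operand.
function findUserUnsafe(PDO $pdo, string $email): ?array
{
    $sql = "SELECT id, email FROM users WHERE email = '" . $email . "'";
    $row = $pdo->query($sql)->fetch();
    return $row === false ? null : $row;
}

// SAFE: the SQL text is fixed; the value travels separately as a bound
// parameter and is never parsed as SQL, whatever characters it contains.
function findUserSafe(PDO $pdo, string $email): ?array
{
    $stmt = $pdo->prepare('SELECT id, email FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Identifiers (table and column names) cannot be bound as parameters.
// Allow-list them instead of interpolating raw input; integers such as LIMIT
// are bound with an explicit PDO::PARAM_INT.
function listUsersSorted(PDO $pdo, string $column, int $limit): array
{
    $allowed = ['id', 'email', 'created_at'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException('unknown sort column');
    }
    $stmt = $pdo->prepare("SELECT id, email FROM users ORDER BY $column LIMIT :limit");
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll();
}

// Usage:
// $user = findUserSafe($pdo, $_POST['email'] ?? '');
// $rows = listUsersSorted($pdo, 'created_at', 50);
```

The allow-list function covers the one case prepared statements do not: SQL identifiers. An ORM hides the binding but the same rule applies to any raw-query escape hatch it offers.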
Authentication and Session Management
Bind session to IP address.
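Added example, not from the cheatsheet, covering both the "CSRF" item in the list at the top and the session line above: a login that regenerates the session id and records the client IP, a per-request check that the IP still matches, and a CSRF token kept in the session and verified on every state-changing POST. Credential verification is assumed to happen elsewhere; function names are the example's own.

```php
<?php
// Added example (not from the cheatsheet). Function names are hypothetical.
declare(strict_types=1);

// Cookie flags: not readable from JavaScript, HTTPS only, and not attached to
// cross-site requests (which already blunts most CSRF attempts).
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// Called once credentials have been verified (verification itself is omitted).
function loginSession(string $userId): void
{
    session_regenerate_id(true);          // fresh id: defeats session fixation
    $_SESSION['user_id']    = $userId;
    $_SESSION['bound_ip']   = $_SERVER['REMOTE_ADDR'] ?? '';
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // CSPRNG, 256 bits
}

// Every authenticated request: the session is only valid from the IP it was
// created from. Caveat: mobile and corporate users change IP legitimately, so
// some sites prompt for re-authentication on change instead of hard-failing.
function requireSession(): string
{
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    if (!isset($_SESSION['user_id'], $_SESSION['bound_ip'])
        || !hash_equals($_SESSION['bound_ip'], $ip)) {
        $_SESSION = [];
        session_destroy();
        http_response_code(401);
        exit('session invalid');
    }
    return $_SESSION['user_id'];
}

// Emit the token as a hidden field in every form that changes state.
function csrfField(): string
{
    $token = $_SESSION['csrf_token'] ?? '';
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
}

// Verify on POST before doing anything. hash_equals() compares in constant time.
function verifyCsrf(): void
{
    $sent = $_POST['csrf_token'] ?? '';
    if (!is_string($sent) || !isset($_SESSION['csrf_token'])
        || !hash_equals($_SESSION['csrf_token'], $sent)) {
        http_response_code(403);
        exit('CSRF check failed');
    }
}

// Usage in a request handler:
// $userId = requireSession();
// if ($_SERVER['REQUEST_METHOD'] === 'POST') { verifyCsrf(); /* apply the change */ }
// echo '<form method="post">' . csrfField() . '</form>';
```

The token is tied to the session rather than to the user, so logging out (destroying the session) also invalidates every form already rendered in the browser.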
Security Basics
1. Validate (is_int() etc.) or cast input to the type you expect.
2. Check isset() before reading a request value.
3. strip_tags() removes markup from input.
4. htmlentities() converts special characters to HTML entities, so text containing tags can be stored and displayed without the browser interpreting it.
5. Use preg_match() to test input against a pattern; it gives a true/false style answer (1 on match, 0 otherwise).
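Added example, not from the cheatsheet: the five basics applied to a constructed request array standing in for $_GET/$_POST, keeping the distinction between validating on the way in and escaping on the way out. Function names and the sample values are the example's own.

```php
<?php
// Added example (not from the cheatsheet). Input values are constructed.
declare(strict_types=1);

// Constructed sample input standing in for $_GET / $_POST.
$input = [
    'page'    => '3abc',
    'name'    => 'Ada <script>alert(1)</script> Lovelace',
    'slug'    => 'hello-world-42',
    'comment' => "<b>Bold</b> & \"quoted\" <img src=x onerror=alert(1)>",
];

// 1. Validate rather than cast: (int)'3abc' silently yields 3, whereas
//    filter_var() with FILTER_VALIDATE_INT rejects the whole value.
function pageNumber(array $in): int
{
    // 2. isset() first: reading a missing key raises a warning.
    if (!isset($in['page'])) {
        return 1;
    }
    $n = filter_var($in['page'], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 10000],
    ]);
    return $n === false ? 1 : $n;   // invalid input falls back to a safe default
}

// 5. preg_match() returns 1 on match, 0 on no match (false on a regex error):
//    an allow-list pattern for a value that may only contain [a-z0-9-].
function validSlug(array $in): bool
{
    return isset($in['slug'])
        && preg_match('/\A[a-z0-9]+(?:-[a-z0-9]+)*\z/', $in['slug']) === 1;
}

// 3. strip_tags() on the way in, for a field that must never contain markup.
//    It is a sanitiser, not an escaper: it does not protect attributes inside
//    tags you choose to keep, so it is not a substitute for step 4.
function plainName(array $in): string
{
    $name = strip_tags($in['name'] ?? '');
    return trim(preg_replace('/\s+/', ' ', $name) ?? '');
}

// 4. htmlentities() on the way out: the stored text keeps its < > & " characters
//    and the browser shows them literally instead of interpreting them.
function e(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Usage:
echo 'page=' . pageNumber($input) . "\n";
echo 'slug ok=' . (validSlug($input) ? 'yes' : 'no') . "\n";
echo 'name=' . plainName($input) . "\n";
echo '<p>' . e($input['comment']) . "</p>\n";
```

The comment field is deliberately left untouched on input and escaped only when rendered: storing the raw text and escaping at output is what lets step 4 "allow tags to be stored/displayed" without them ever executing.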