PHP Manual
Copyright
PHP Manual
Getting Started
Installation and Configuration
Language Reference
Security
Features
Function Reference
PHP at the Core: A Hacker's Guide
FAQ
Appendices
expect://
Introduction
PHP Manual
PHP Manual
Security
Table of Contents
Introduction
General considerations
Installed as CGI binary
Possible attacks
Case 1: only public files served
Case 2: using cgi.force_redirect
Case 3: setting doc_root or user_dir
Case 4: PHP parser outside of web tree
Installed as an Apache module
Filesystem Security
Null bytes related issues
Database Security
Designing Databases
Connecting to Database
Encrypted Storage Model
SQL Injection
Error Reporting
Using Register Globals
User Submitted Data
Magic Quotes
What are Magic Quotes
Why did we use Magic Quotes
Why not to use Magic Quotes
Disabling Magic Quotes
Hiding PHP
Keeping Current