
Thread: Tips & Tricks in PHP

#1 (Join Date: Sep 2006, Location: Kerala, India, Posts: 17,476)

    Security tips

    The phpinfo() function will list your php.ini variables and scan them for insecure settings. Keep this page in a restricted place and do not allow public access to it. The output of phpinfo() contains information that a potential hacker might find extremely useful.

    Code:
    <?php phpinfo(); ?>
    Some settings to consider when configuring PHP for security include:

    1. register_globals: It has to be changed to "off". It exports all user input as global variables.
    2. safe_mode: The safe mode setting can be very useful to prevent unauthorized access.
    3. disable_functions: This setting can only be set in your php.ini file, not at runtime. It can be set to a list of functions that you would like disabled in your PHP installation. It can help prevent the possible execution of harmful PHP code. Some functions that are useful to disable if you do not use them are system and exec, which allow the execution of external programs.

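The settings listed above can be checked from inside PHP without ever publishing a phpinfo() page. The script below is an added example, not code from the original post: it reads each directive with ini_get() and reports whether it is in the state the post recommends. The list of risky functions (RISKY_FUNCTIONS) is an assumption that extends the post's `system` and `exec` with the other common process-spawning functions. Note that register_globals and safe_mode were removed in PHP 5.4, so on any current PHP ini_get() returns false for them and the script reports them as absent; the arrow function syntax needs PHP 7.4 or later.

```php
<?php
// Added example (not from the original post): audit the php.ini directives
// discussed in the post from the command line instead of exposing phpinfo().
// Usage: php audit.php
declare(strict_types=1);

// Assumed list: the post's system/exec plus other functions that spawn
// external processes. Extend it to match what your application never calls.
const RISKY_FUNCTIONS = ['system', 'exec', 'shell_exec', 'passthru', 'proc_open', 'popen'];

/**
 * Return true/false for a boolean ini directive, or null if the directive
 * does not exist in this PHP build (ini_get() returns false in that case).
 * PHP stores booleans as "1", "On", "yes" etc., so normalise with filter_var.
 */
function ini_is_on(string $name): ?bool
{
    $value = ini_get($name);
    if ($value === false) {
        return null;
    }
    return filter_var($value, FILTER_VALIDATE_BOOLEAN);
}

/**
 * Parse disable_functions (a comma-separated list) into a lowercase array.
 */
function disabled_functions(): array
{
    $raw = (string) ini_get('disable_functions');
    return array_values(array_filter(array_map(
        fn(string $f): string => strtolower(trim($f)),
        explode(',', $raw)
    )));
}

/**
 * Run the audit and return directive => human-readable verdict.
 */
function audit(): array
{
    $findings = [];

    // 1. register_globals must be Off (it turns every request parameter
    //    into a global variable).
    $rg = ini_is_on('register_globals');
    $findings['register_globals'] = $rg === null
        ? 'absent (removed in PHP 5.4)'
        : ($rg ? 'INSECURE: On, set it to Off' : 'ok: Off');

    // 2. safe_mode, if this PHP still has it.
    $sm = ini_is_on('safe_mode');
    $findings['safe_mode'] = $sm === null
        ? 'absent (removed in PHP 5.4)'
        : ($sm ? 'ok: On' : 'warning: Off');

    // 3. disable_functions: report which risky functions are still callable.
    //    function_exists() is used as a cross-check, since a disabled
    //    function is reported as non-existent.
    $disabled = disabled_functions();
    $callable = [];
    foreach (RISKY_FUNCTIONS as $fn) {
        if (!in_array($fn, $disabled, true) && function_exists($fn)) {
            $callable[] = $fn;
        }
    }
    $findings['disable_functions'] = $callable === []
        ? 'ok: all listed risky functions are disabled'
        : 'warning: still callable: ' . implode(', ', $callable);

    return $findings;
}

foreach (audit() as $directive => $verdict) {
    printf("%-18s %s\n", $directive, $verdict);
}
```

To act on a "still callable" warning, add the names to php.ini (for example `disable_functions = system,exec,shell_exec,passthru,proc_open,popen`) and restart the web server or PHP-FPM; as the post says, this directive cannot be changed at runtime with ini_set().
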
#2 (Join Date: Sep 2006, Location: Kerala, India, Posts: 17,476)

    Tips

    * By default the index.php file is included in the URL, but it can be removed using a simple .htaccess file.

    * Programmers love to code and hate to write documentation. A well-documented program is easy to rebuild and debug.

    * The only way to really judge an application is to try it and get to know the code.
