What are some PHP security tips?
Avoid the use of global variables. In particular, ensure that the register_globals option is not enabled.
Use the variables designed to be set by GET or POST requests.
Store passwords in an encrypted format.
Avoid storing credit card and other secured information. Trust a third-party gateway.
Use server-side validation and do not trust user input.
Example: if the expected value is an integer, use the intval function.
$post_id = intval($_GET['post_id']);
mysql_query("SELECT * FROM post WHERE id = $post_id");
Avoid using user input directly in the query; escape it first with mysql_real_escape_string().
Always use an up-to-date version of PHP.
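The validation and query tips above, as an added example that is not part of the original page: it validates post_id strictly and binds it as a query parameter through PDO, since the mysql_* functions were removed in PHP 7.0. The helper names parsePostId and findPost are hypothetical, and the in-memory SQLite database with its rows is constructed sample data standing in for MySQL.

```php
<?php
declare(strict_types=1);

// Assumption: PDO with the SQLite driver is available. The table and rows
// below are constructed sample data standing in for the page's "post" table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE post (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO post (id, title) VALUES (1, 'Hello'), (2, 'Draft')");

/**
 * Hypothetical helper: strict server-side validation of a post id.
 * intval('7 OR 1=1') quietly returns 7 and intval('abc') returns 0;
 * FILTER_VALIDATE_INT rejects both instead of coercing them.
 */
function parsePostId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Hypothetical helper: the id is bound as a parameter, never concatenated. */
function findPost(PDO $pdo, int $postId): ?array
{
    $stmt = $pdo->prepare('SELECT id, title FROM post WHERE id = :id');
    $stmt->bindValue(':id', $postId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs, as they might arrive in $_GET['post_id'].
foreach (['1', '2', '7 OR 1=1', 'abc', '-3', '999'] as $raw) {
    $id = parsePostId($raw);
    if ($id === null) {
        echo 'reject  ', var_export($raw, true), "\n";
        continue;
    }
    $post = findPost($pdo, $id);
    echo $post !== null ? "found   {$post['title']}\n" : "missing id $id\n";
}
```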