How to Secure Your PHP Application by Using Prepared Statements
Here’s a bug that has burned more developers than almost any other: you drop a variable straight into a SQL string,
Delve into the world of server-side scripting with our PHP resources, guiding you from the basics to advanced development techniques.
Here’s a bug that has burned more developers than almost any other: you drop a variable straight into a SQL string,
A user logs in. Your app hands them a session ID. From that moment on, that little string is the only
Most PHP backdoors we clean off hacked WordPress sites share one line: eval(). It hands attackers a way to run whatever
A single line, unserialize($_GET[‘data’]), has handed attackers full control of more servers than most developers would like to admit. It looks
If you’ve ever managed PHP dependencies by hand, you know the drill. Download a zip, drop it in a lib folder,
An uncaught error at 2am tells you two things: what broke, and how badly your logging let you down. If the
If you learned PHP a decade or more ago, you probably reached for session_register() without a second thought. Then one day
You upgrade PHP on a Friday, and by Monday your error log is full of “Deprecated:” lines you have never seen
One line of PHP is all it takes. A developer wires a page loader off a URL parameter, ships it, and
You upgrade PHP, reload the site, and there it is in the logs: Deprecated: …. Nothing broke. The page still works.
WordPress runs north of 40% of the web, and most of that power comes from plugins. That’s the trade. Plugins hand
If you have ever inherited an old PHP codebase, you have probably met magic_quotes_gpc. It was PHP’s attempt to keep you
Someone leaves a comment on your site. It looks ordinary. But tucked inside the text is a <script> tag, and the
Open the access log on almost any WordPress site and you’ll find them: a slow, patient drip of POST requests to
If you’ve inherited an old PHP app, there’s a good chance its passwords are sitting in the database as md5() or
You inherit a PHP project, open two files, and find two classes both called User. One is yours. One came from
Sooner or later, you inherit a PHP codebase that still leans on each(). You bump the server to PHP 8, hit
Here’s the scenario that ends careers: you pull a value from a cookie, a form field, or a cache row an
You bump an old project to PHP 8, hit refresh, and the page dies: Call to undefined function mbereg(). Nothing wrong
Every PHP developer reaches for foreach. It’s the first loop you learn, and it never really lets you go. Nothing wrong