Appendix B. Security
This chapter covers:
Security is an incredibly important topic in the field of web application development. As a PHP developer, you’re going to be responsible for the security of your PHP code, and your applications are sure to be the target of frequent attacks. This appendix tries to give a basic introduction to get you started on the right foot, so that you can learn strategies and techniques for secure PHP programming.
It also shows a few of the most common and dangerous attacks currently facing PHP developers, such as cross-site scripting (XSS) and SQL injection. You’ll see how these attacks are initiated and what steps you can take to protect your PHP applications.
Terminology is a necessary evil for computer programmers. What does filter mean? Is it the same thing as validate? What is input?
Filtering is a somewhat formal term with aliases that include validating, sanitizing, and cleaning. Interpretations vary, but security experts agree that a best practice is to consider filtering to be an inspection process. The purpose of the inspection is to determine whether the data being inspected is valid, which is why some people call this validation. Regardless of what you call it, this is a cornerstone of web application security.
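The following PHP snippet is an added example (not code from the book) of treating filtering as an inspection process: each rule either accepts the raw value unchanged or rejects it, and nothing tries to "repair" bad input. The field names, rules, and sample request array are assumptions made for the illustration.

```php
<?php
// Added example: filtering as inspection. A filter accepts or rejects;
// it never modifies the data. $_GET/$_POST would be the untrusted source.
declare(strict_types=1);

/**
 * Inspect a raw request value against the rule for a named field.
 * Returns the accepted value, or null when the value is rejected.
 */
function filterField(string $field, mixed $raw): int|string|null
{
    switch ($field) {
        case 'id':
            // Whole number between 1 and 1,000,000; "12abc" and "" are rejected.
            $v = filter_var($raw, FILTER_VALIDATE_INT,
                ['options' => ['min_range' => 1, 'max_range' => 1000000]]);
            return $v === false ? null : $v;
        case 'email':
            $v = filter_var($raw, FILTER_VALIDATE_EMAIL);
            return $v === false ? null : $v;
        case 'username':
            // Whitelist: letters, digits and underscore only, 3 to 20 characters.
            return (is_string($raw) && preg_match('/^[A-Za-z0-9_]{3,20}$/D', $raw) === 1)
                ? $raw : null;
        default:
            // Unknown field names are rejected too: no implicit pass-through.
            return null;
    }
}

// Constructed sample input standing in for $_POST.
$request = [
    'id'       => '42',
    'email'    => 'alice@example.com',
    'username' => 'alice<script>',   // rejected: contains characters outside the whitelist
    'extra'    => '7',               // rejected: not a known field
];

$clean = [];
foreach ($request as $field => $raw) {
    $value = filterField($field, $raw);
    if ($value === null) {
        echo "rejected: $field\n";
        continue;
    }
    $clean[$field] = $value;   // only inspected, accepted data reaches $clean
}
var_dump($clean);
```

Note that the accepted values are still untrusted for a given output context: a valid username must still be escaped when it is echoed into HTML, and a valid id still belongs in a prepared statement rather than concatenated into SQL.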