And, you can add to this

> Never trust data from the client...always filter it(I use an lib to do
> Make sure register_globals is off or code accordingly.

Make sure that you're using SSL (https).

Also, (maybe not directly related though...) if possible, separate your web
server from your database server. And also, you might want to create
different database users for different purposes (i.e. one user can ONLY
select, another ONLY for updating, etc.). You can even forget about a user
that can delete data--you can always do it yourself offline or at least not
via the web server.


- E

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to