Essential PHP Security


Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.

Security is an issue that demands attention, given the ...

See more details below
$22.38 price
(Save 25%)$29.95 List Price

Pick Up In Store

Reserve and pick up in 60 minutes at your local store

Other sellers (Paperback)
  • All (19) from $1.99   
  • New (8) from $10.40   
  • Used (11) from $1.99   
Essential PHP Security

Available on NOOK devices and apps  
  • NOOK Devices
  • Samsung Galaxy Tab 4 NOOK 7.0
  • Samsung Galaxy Tab 4 NOOK 10.1
  • NOOK HD Tablet
  • NOOK HD+ Tablet
  • NOOK eReaders
  • NOOK Color
  • NOOK Tablet
  • Tablet/Phone
  • NOOK for Windows 8 Tablet
  • NOOK for iOS
  • NOOK for Android
  • NOOK Kids for iPad
  • PC/Mac
  • NOOK for Windows 8
  • NOOK for PC
  • NOOK for Mac
  • NOOK for Web

Want a NOOK? Explore Now

NOOK Book (eBook)
$13.49 price
(Save 43%)$23.99 List Price


Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.

Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.

In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.

Topics covered include:

  • Preventing cross-site scripting (XSS) vulnerabilities
  • Protecting against SQL injection attacks
  • Complicating session hijacking attempts

You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.

"PHP Web Application Security" helps readers build secure Web applications, using Apache and MySQL along with PHP 5. The book details the attacks that hackers use against Web sites, and shows how to correctly configure Apache and PHP to guard against them.

Read More Show Less

Product Details

  • ISBN-13: 9780596006563
  • Publisher: O'Reilly Media, Incorporated
  • Publication date: 10/20/2005
  • Edition number: 1
  • Pages: 130
  • Sales rank: 826,791
  • Product dimensions: 7.00 (w) x 9.14 (h) x 0.28 (d)

Meet the Author

Chris Shiflett, an internationally recognized expert in the field of PHP security, is the founder and President of Brain Bulb, a PHP consultancy. Chris has been developing web applications with PHP for several years and regularly speaks at OSCON, ApacheCon, and PHP users conferences in North America. He is the author of the HTTP Developer's Handbook (Sams) and writes frequently about web application security. As an open source advocate, he maintains several open source projects and is a member of the PHP development team.

Read More Show Less

Table of Contents

What's Inside;
Style Conventions;
Comments and Questions;
Safari Enabled;
Chapter 1: Introduction;
1.1 PHP Features;
1.2 Principles;
1.3 Practices;
Chapter 2: Forms and URLs;
2.1 Forms and Data;
2.2 Semantic URL Attacks;
2.3 File Upload Attacks;
2.4 Cross-Site Scripting;
2.5 Cross-Site Request Forgeries;
2.6 Spoofed Form Submissions;
2.7 Spoofed HTTP Requests;
Chapter 3: Databases and SQL;
3.1 Exposed Access Credentials;
3.2 SQL Injection;
3.3 Exposed Data;
Chapter 4: Sessions and Cookies;
4.1 Cookie Theft;
4.2 Exposed Session Data;
4.3 Session Fixation;
4.4 Session Hijacking;
Chapter 5: Includes;
5.1 Exposed Source Code;
5.2 Backdoor URLs;
5.3 Filename Manipulation;
5.4 Code Injection;
Chapter 6: Files and Commands;
6.1 Traversing the Filesystem;
6.2 Remote File Risks;
6.3 Command Injection;
Chapter 7: Authentication and Authorization;
7.1 Brute Force Attacks;
7.2 Password Sniffing;
7.3 Replay Attacks;
7.4 Persistent Logins;
Chapter 8: Shared Hosting;
8.1 Exposed Source Code;
8.2 Exposed Session Data;
8.3 Session Injection;
8.4 Filesystem Browsing;
8.5 Safe Mode;
Appendix A: Configuration Directives;
A.1 allow_url_fopen;
A.2 disable_functions;
A.3 display_errors;
A.4 enable_dl;
A.5 error_reporting;
A.6 file_uploads;
A.7 log_errors;
A.8 magic_quotes_gpc;
A.9 memory_limit;
A.10 open_basedir;
A.11 register_globals;
A.12 safe_mode;
Appendix B: Functions;
B.1 eval();
B.2 exec();
B.3 file();
B.4 file_get_contents();
B.5 fopen();
B.6 include;
B.7 passthru();
B.8 phpinfo();
B.9 popen();
B.10 preg_replace();
B.11 proc_open();
B.12 readfile();
B.13 require;
B.14 shell_exec();
B.15 system();
Appendix C: Cryptography;
C.1 Storing Passwords;
C.2 Using mcrypt;
C.3 Storing Credit Card Numbers;
C.4 Encrypting Session Data;
About the Author;

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted June 12, 2006


    Are you a developer who is writing insecure PHP code? If you are, then this book is for you! Author Chris Shiflett, has done an outstanding job of writing a practical book that will help you improve your PHP application-level security. Shiflett, begins by giving an overview of security principles and best practices. Then, the author covers form processing and attacks such as cross-site scripting and cross-site request forgeries. He continues by focusing on using databases and attacks such as SQL injection. Then, the author explains PHP's session support and shows you how to protect your applications from attacks such as session fixation and session hijacking. Then, he covers the risks associated with the use of includes, such as backdoor URLs and code injection. Next, the author discusses attacks such as filesystem traversal and command injection. Then, he shows you how to create secure authentication and authorization mechanisms and how to protect your applications from things like brute force attacks and replay attacks. Finally, the author explains the inherent risks associated with a shared hosting environment. This most excellent book brings long-needed security guidelines to PHP developers everywhere. More importantly, the content of this book will be an asset to your development teams.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)