What Do Sanitisation and Validation Mean? Sanitisation and validation are important terms to understand when writing PHP applications. In the context of this tutorial, both are processes performed on user input. Sanitisation is cleaning user input (transforming or stripping it) so that it is safe to process, and validation is checking the data to see whether it is in the correct format, of the correct type, and so on. It is important to sanitise and validate data coming in from users of your PHP applications, because if it is left unchecked, the input may be used to facilitate an exploit. Some of the most common exploits involving user input are code injection, SQL injection and header injection, and we will look at some of these during the tutorial.
Validation is a vital topic when handling user input. It helps to improve security, improve usability and reduce the number of bugs in your program. To validate something, we first work out the criteria that our user input has to conform to. For example, we might want the user input to be a number between 10 and 99. We then test the user input against these rules, and if the input fails the check(s) we do not use the data and instead inform the user that they have entered something incorrect. Ok, but what does that mean in terms of code? Well, here’s an example of the code you might use to test a number to see if it is between 10 and 99. Read more…
What are references? References are a tool in PHP that we can use to access the content of a variable through several identifiers (“names”). When a reference is modified, the content it points to is changed directly. This means that editing either a reference or the original variable changes the content for everything referencing it simultaneously. To put it into context, say you had set up a company and applied for a P.O. Box for your office. You would then have two addresses which point to the same place. References are like the P.O. Box: they are “addresses” through which we can modify the content of a variable. In terms of code, we could have a variable called $var and then make a reference to it called $vartwo; when $var is edited, $vartwo also changes, and vice versa. References are created using “reference binding”, which is very similar to assignment but uses =& (equals ampersand) to tell the PHP parser that we are creating a reference and not a new variable. Below is an example of creating and using references to manipulate variables: Read more…
In a statement issued today, the German Federal Office for Security in Information Technology (known as BSI) recommends that all Internet Explorer users switch to an alternative browser. They may resume using Explorer after a fix is issued by Microsoft for a critical vulnerability that has been implicated in the Chinese cyberattack against Google.
If you missed it, yesterday McAfee released a report outlining details of the cyber assault on Google and around 20 other major technology companies. It specifically implicates a critical flaw in all versions of IE that allows hackers to “perform reconnaissance and gain complete control over the compromised system.” Microsoft has responded that it is developing an update to address the vulnerability. Read more…
As rewarding as web development is, it can also be a pain sometimes, especially if you spend half your time looking for the right tools and resources. Well, I’ve done the work for you with this one, and have compiled a list of over 120 web development resources to make your life easier.
Reference and General Resources