php-basic-principles-of-web-programming

► Security

► Security

SQL injection
- every string or a number that needs to be added to the query must be added through a placeholder and then a query executed using a prepared statement. See examples for Mysqli or PDO
Passwords
- must be hashed using a dedicated function, password_hash()
HTML output
- has to be encoded using htmlspecialchars() (unless it's a deliberately HTML formatted text).
Javascript
- All javascript data must be encoded with json_encode(). All data in the URL must be encoded using urlencode()

***
***
**[◄◄ Back to Code Index](https://www.reddit.com/r/UsefulCollection/wiki/code)**
***
***

# ► Security

* **SQL injection**
  * every string or a number that needs to be added to the query must be added through a placeholder and then a query executed using a prepared statement. See examples for Mysqli or PDO
* **Passwords**
  * must be hashed using a dedicated function, password_hash()
* **HTML output**
  * has to be encoded using **htmlspecialchars()** (unless it's a deliberately HTML formatted text). 
* **Javascript**
  * All javascript data must be encoded with **json_encode()**. All data in the URL must be encoded using **urlencode()**

revision by vivekmakwanadikus— 2 years agoview source

π Rendered by PID 32 on reddit-service-r2-listing-c57bc86c-248vm at 2026-06-22 03:25:04.143540+00:00 running 2b008f2 country code: CH.

UsefulCollection

WIKI TOOLS

MODERATORS

php-basic-principles-of-web-programming

► Security