Dblank,
Security is one of those things that's difficult to nail down. That said, there are practices we use to make us all breathe a bit easier. As far as storing info in MySQL goes, under most circumstances it remains fairly secure.
The idea behind an SQL injection is that someone uses a form field or variable you have in your script to run a query (or part of one) that could cause havoc or allow the user to gain remote access to your database.
Security measures can vary. For the very concerned, data such as credit cards and so on can be split up at the time of processing and not stored all in one location. You can also encrypt credit card numbers (check out php.net's encryption functions). Read up on Magic Quotes, a php.ini setting which is also in place to help protect against would-be SQL injectors.
There is a fair amount of information out there for the grabbing; Google a bit and come back if you would like some more specific questions answered, or if you would like someone to breeze over some code to see if it could have security flaws.
Hope that helps,
Chris
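
The injection idea described in the post above, shown as an added example that is not part of Chris's reply: the same lookup written with string concatenation and with a bound parameter. The `customers` table, the function names `find_unsafe` and `find_safe`, and the sample rows and inputs are all constructed for illustration, and an in-memory SQLite database accessed through PDO stands in for MySQL so the script runs offline.

```php
<?php
// Constructed demo data; in-memory SQLite is an assumption standing in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, note TEXT)");
$db->exec("INSERT INTO customers (email, note) VALUES
    ('alice@example.test', 'constructed row 1'),
    ('bob@example.test',   'constructed row 2')");

// Vulnerable: the form value is pasted into the SQL text,
// so quote characters in the value become part of the query itself.
function find_unsafe(PDO $db, string $email): array
{
    $sql = "SELECT id, email FROM customers WHERE email = '" . $email . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is fixed and the value is sent separately
// as a bound parameter, so it is only ever compared as data.
function find_safe(PDO $db, string $email): array
{
    $stmt = $db->prepare("SELECT id, email FROM customers WHERE email = :email");
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$normal  = 'alice@example.test';
$crafted = "nobody' OR '1'='1";   // constructed form input containing a quote

// Compare how many rows each version returns for each input.
foreach (['normal' => $normal, 'crafted' => $crafted] as $label => $input) {
    printf("%-8s unsafe: %d row(s)  safe: %d row(s)\n",
        $label,
        count(find_unsafe($db, $input)),
        count(find_safe($db, $input)));
}
```

With the crafted input, `find_unsafe` matches every row in the table because the `WHERE` clause has been rewritten, while `find_safe` matches none because no customer has that literal string as an email address.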