Despite the fact that PHP is designed with security in mind, a familiarity with its more
dangerous aspects and conformance to common secure programming guidelines is essential to
minimizing the possibility of security compromises. The aim of this document is to provide an
overview of various security issues with PHP and to offer advice on secure PHP programming
"In the following sections, we will identify a number of
causes that commonly lead to violations of the security of
PHP scripts and ultimately the systems on which these
scripts are executing. We will then develop some
guidelines for strengthening the security of PHP and for
writing secure code. ..."
"From a security perspective, environment variables and user input data really aren't very
different. They all represent data of unknown origin that may be hostile. Therefore, their
use should be minimized whenever possible and their content examined and filtered the
rest of the time. ..."