PHP Tools Hub
PHP Security Tutorials
134 tutorials found.
📘
Check MIME Type
File Upload Security | Type Validation | PHP
📘
Create Secure Hash
Password Hashing | password_hash Function | PHP
📘
Cross Origin Resource Sharing
CORS | Overview | PHP
📘
Directory Traversal Attack
Path Traversal | What is Path Traversal | PHP
📘
Don't Show Errors to Users
Production Security | display_errors Off | PHP
📘
Injection in Log Files
Log Forging | What is Log Forging | PHP
📘
LDAP Query Attack
LDAP Injection | What is LDAP Injection | PHP
📘
Prevent Brute Force
API Security | Rate Limiting | PHP
📘
Prevent Clickjacking
HTTP Headers | X-Frame-Options | PHP
📘
Redirect HTTP to HTTPS
HTTPS | Force HTTPS | PHP
📘
Server Side Request Forgery
SSRF Prevention | What is SSRF | PHP
📘
Store Secrets Outside Code
Environment Security | .env Files | PHP
📘
Use HTTPS Only
Session Security | Session Hijacking | PHP
📘
Validate and Sanitize
Input Validation | filter_var Function | PHP
📘
What is Cross Site Scripting
XSS Prevention | Overview | PHP
📘
What is CSRF Attack
CSRF Prevention | Overview | PHP
📘
What is SQL Injection
SQL Injection | Overview | PHP
📘
Whitelist Resource Sources
CSP Header | Content-Security-Policy | PHP
📘
XML External Entity Attack
XXE Prevention | What is XXE | PHP
📘
Access Environment Variables
Environment Security | getenv Function | PHP
📘
Access-Control-Allow-Origin Header
CORS | Allow Origin | PHP
📘
bin2hex random_bytes
CSRF Prevention | Token Generation | PHP
📘
Convert Special Characters
XSS Prevention | htmlspecialchars | PHP
📘
Direct Variable in Query
SQL Injection | Vulnerable Code | PHP
📘
Disable External Entities
XXE Prevention | libxml_disable_entity_loader | PHP
📘
Escape LDAP Special Chars
LDAP Injection | ldap_escape Function | PHP
📘
Fallback Source Policy
CSP Header | default-src | PHP
📘
Get Real MIME Type
File Upload Security | finfo_file Function | PHP
📘
JSON Web Tokens
API Security | JWT Authentication | PHP
📘
Log Errors to File
Production Security | log_errors On | PHP
📘
Prevent MIME Sniffing
HTTP Headers | X-Content-Type-Options | PHP
📘
Resolve Canonical Path
Path Traversal | realpath Validation | PHP
📘
Sanitize Log Input
Log Forging | Remove Newlines | PHP
📘
session_regenerate_id After Login
Session Security | Regenerate ID | PHP
📘
Strict Transport Security
HTTPS | HSTS Header | PHP
📘
Trusted Domain List
SSRF Prevention | Allowlist URLs | PHP
📘
Validate Email Format
Input Validation | FILTER_VALIDATE_EMAIL | PHP
📘
Verify Password
Password Hashing | password_verify Function | PHP
📘
Access-Control-Allow-Methods Header
CORS | Allow Methods | PHP
📘
Allow Specific Extensions
File Upload Security | Extension Whitelist | PHP
📘
Allowed Script Sources
CSP Header | script-src | PHP
📘
Check Rehash Needed
Password Hashing | password_needs_rehash | PHP
📘
Control Referrer Information
HTTP Headers | Referrer-Policy | PHP
📘
Convert Both Quotes
XSS Prevention | ENT_QUOTES Flag | PHP
📘
Disable Loading
XXE Prevention | libxml_set_external_entity_loader | PHP
📘
Encode Special Characters
Log Forging | JSON Encoding | PHP
📘
Extract Safe Filename
Path Traversal | basename Function | PHP
📘
Generate and Validate Keys
API Security | API Keys | PHP
📘
Implement Idle Timeout
Session Security | Session Timeout | PHP
📘
Prevent Location Spoofing
SSRF Prevention | Disable Redirects | PHP
📘
Set Environment Variable
Environment Security | putenv Function | PHP
📘
Set Error Log Location
Production Security | error_log Path | PHP
📘
Set-Cookie Secure Flag
HTTPS | Secure Flag Cookies | PHP
📘
Store in Session
CSRF Prevention | Store Token | PHP
📘
Use Prepared Statements
SQL Injection | Prevention Method | PHP
📘
Validate Before Query
LDAP Injection | Input Validation | PHP
📘
Validate URL Format
Input Validation | FILTER_VALIDATE_URL | PHP
📘
Access-Control-Allow-Headers Header
CORS | Allow Headers | PHP
📘
Add Hidden Input Field
CSRF Prevention | Form Field | PHP
📘
Allowed Directories Only
Path Traversal | Path Whitelist | PHP
📘
Allowed Style Sources
CSP Header | style-src | PHP
📘
Block Internal IPs
SSRF Prevention | Validate IP Address | PHP
📘
Browser Feature Restrictions
HTTP Headers | Permissions-Policy | PHP
📘
Disable Entity Loading
XXE Prevention | DOMParser Options | PHP
📘
Get Hash Algorithm Info
Password Hashing | password_get_info | PHP
📘
getimagesize Function
File Upload Security | Image Validation | PHP
📘
HTTP X Forwarded Proto
HTTPS | Proxy Support | PHP
📘
Remove HTML PHP Tags
XSS Prevention | strip_tags Function | PHP
📘
Safe LDAP Search
LDAP Injection | Practical Example | PHP
📘
Safe Logger Function
Log Forging | Practical Example | PHP
📘
Set Secure Flag
Session Security | Secure Cookie Flag | PHP
📘
Third Party Authentication
API Security | OAuth 2.0 | PHP
📘
Use PDO with Prepares
SQL Injection | PDO Prevention | PHP
📘
User Friendly Error Display
Production Security | Custom Error Page | PHP
📘
Validate IP Address
Input Validation | FILTER_VALIDATE_IP | PHP
📘
Access-Control-Allow-Credentials Header
CORS | Allow Credentials | PHP
📘
Allowed Image Sources
CSP Header | img-src | PHP
📘
Check Maximum File Size
File Upload Security | Size Limit | PHP
📘
Compare with Session
CSRF Prevention | Validate Token | PHP
📘
CURLOPT_REDIR_PROTOCOLS
SSRF Prevention | cURL Options | PHP
📘
Default BCrypt Algorithm
Password Hashing | PASSWORD_DEFAULT | PHP
📘
Safe File Reader
Path Traversal | Practical Example | PHP
📘
Safe XML Parsing
XXE Prevention | SimpleXML Options | PHP
📘
Sanitize String Filter
XSS Prevention | filter_var Sanitize | PHP
📘
Set HttpOnly Flag
Session Security | HttpOnly Cookie Flag | PHP
📘
Use MySQLi Prepared
SQL Injection | MySQLi Prevention | PHP
📘
Validate All API Inputs
API Security | Input Validation | PHP
📘
Validate Integer
Input Validation | FILTER_VALIDATE_INT | PHP
📘
Allowed API Endpoints
CSP Header | connect-src | PHP
📘
BCrypt Algorithm
Password Hashing | PASSWORD_BCRYPT | PHP
📘
Escape Before Display
XSS Prevention | Output Escaping | PHP
📘
mysqli_real_escape_string Usage
SQL Injection | Escape Function | PHP
📘
OPTIONS Method Handling
CORS | Preflight Request | PHP
📘
preg_replace Dangerous Chars
File Upload Security | Secure Filename | PHP
📘
Safe URL Fetcher
SSRF Prevention | Practical Example | PHP
📘
Safe XML Loader
XXE Prevention | Practical Example | PHP
📘
Sanitize JSON Responses
API Security | Output Sanitization | PHP
📘
Set SameSite Flag
Session Security | SameSite Cookie Flag | PHP
📘
Timing Safe Comparison
CSRF Prevention | hash_equals Function | PHP
📘
Validate Boolean
Input Validation | FILTER_VALIDATE_BOOLEAN | PHP
📘
Argon2i Algorithm
Password Hashing | PASSWORD_ARGON2I | PHP
📘
Content Security Policy
XSS Prevention | CSP Header | PHP
📘
Cookie SameSite Strict
CSRF Prevention | SameSite Cookie | PHP
📘
Prevent URL Session ID
Session Security | Disable Trans ID | PHP
📘
Report Violations URL
CSP Header | report-uri | PHP
📘
uniqid Generation
File Upload Security | Unique Name | PHP
📘
Validate All User Inputs
SQL Injection | Validation Method | PHP
📘
Validate Float
Input Validation | FILTER_VALIDATE_FLOAT | PHP
📘
Alternative CSRF Protection
CSRF Prevention | Double Submit | PHP
📘
Argon2id Algorithm
Password Hashing | PASSWORD_ARGON2ID | PHP
📘
HttpOnly Cookie Prevention
XSS Prevention | Cookie Flag | PHP
📘
Outside Webroot Directory
File Upload Security | Storage Location | PHP
📘
Safe Stored Procedure Usage
SQL Injection | Stored Procedure | PHP
📘
Use Database for Sessions
Session Security | Database Storage | PHP
📘
Validate with Regex
Input Validation | FILTER_VALIDATE_REGEXP | PHP
📘
Check User Agent IP
Session Security | Validation Method | PHP
📘
chmod 644 for Files
File Upload Security | File Permissions | PHP
📘
Sanitize Email String
Input Validation | FILTER_SANITIZE_EMAIL | PHP
📘
Set Cost Parameter
Password Hashing | BCrypt Cost | PHP
📘
Verify HTTP Referer Header
CSRF Prevention | Referer Check | PHP
📘
Memory Cost Parameter
Password Hashing | Argon2 Memory | PHP
📘
Readfile for Access Control
File Upload Security | Serve File | PHP
📘
Sanitize URL String
Input Validation | FILTER_SANITIZE_URL | PHP
📘
ClamAV Integration
File Upload Security | Malware Scan | PHP
📘
Remove Non Numeric
Input Validation | FILTER_SANITIZE_NUMBER_INT | PHP
📘
Time Cost Parameter
Password Hashing | Argon2 Time | PHP
📘
Remove Non Float
Input Validation | FILTER_SANITIZE_NUMBER_FLOAT | PHP
📘
Threads Parameter
Password Hashing | Argon2 Threads | PHP
📘
BCrypt 60 Characters
Password Hashing | Hash Length | PHP
📘
HTML Encode String
Input Validation | FILTER_SANITIZE_SPECIAL_CHARS | PHP
📘
Always Hash Passwords
Password Hashing | Best Practice | PHP
📘
Filter from Superglobal
Input Validation | filter_input Function | PHP
📘
Filter Multiple Inputs
Input Validation | filter_input_array | PHP
📘
Reject vs Clean
Input Validation | Validation vs Sanitization | PHP