PHP is an incredibly popular language for creating dynamic web applications; websites such as Facebook are built on it. There are many reasons for this: it is easy to learn, easy to install, and does not require the user to compile code. An unfortunate side effect of the ease of development with PHP is a tendency to ignore security during the development process.
In this post I will discuss some of the ways to make your PHP apps more secure. I will go through creating a PHP web app that connects to a MySQL back-end database. The application will be a simple address book. The approach I will take is one of layered security. There is no surefire, quick method of blocking all attacks, but by using the layered security approach we severely limit our exposure.