PHP Security precautions
Introduction – what is PHP?
PHP is a server side scripting language. You can embed PHP code in your web pages along with HTML. When your server receives a request for a page, it first gives the page to the PHP handler program. The PHP handler outputs HTML code as-is, but when it encounters PHP commands, it executes them. Any HTML generated by the PHP commands is also output. The end result is a web page with content that has been customized on the server before being sent to whoever requested it.
PHP has capabilities that make it a potential security risk:
- It can receive and process data from the “outside world”
- It can be programmed to actively fetch data from anywhere on the internet
- It is able to read and write files on the server