
Security Refactoring

Discover how to refactor your PHP CRUD application to improve security by escaping user input with htmlspecialchars. Learn to prevent cross-site scripting attacks and duplicate database entries through validation and unique constraints. This lesson helps you apply secure coding practices within your PHP app to protect both users and data integrity.

Escape HTML with htmlspecialchars()

Before diving in, we have to remember the programming golden rule:

“Never trust user input.”

Let’s see why.

Imagine that a user types the following as their project title into our form: <script>alert('Hello world')</script>. What do you think will happen when the user submits this form? Let’s try it on the “add project” page to see for ourselves.

As we can see, if a malicious user succeeds in executing a script, not only will they annoy every user who arrives at the page in question, they could also attempt to steal those users’ cookies. To prevent this security risk from emerging in our application, we’ll use the PHP htmlspecialchars() ...
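The following is an added example, not the lesson’s own code: it renders the same project title twice, once straight into the HTML and once through htmlspecialchars(), so the difference is visible in the markup the browser receives. The helper name e(), the render functions and the variable names are assumptions; the sample title is the string the lesson typed into the form.

```php
<?php
// Added example (not the lesson's code): unescaped vs. escaped output
// of a project title on a "view project" page.

// Constructed sample input: the title the lesson submitted through the form.
$untrustedTitle = "<script>alert('Hello world')</script>";

// VULNERABLE: the raw value goes straight into the page, so the browser
// parses the <script> tag as markup and runs it for every visitor.
function renderUnsafe(string $title): string
{
    return "<h1>" . $title . "</h1>";
}

// HARDENED: htmlspecialchars() converts &, <, >, " and ' into entities,
// so the browser shows the characters as text instead of interpreting them.
// ENT_QUOTES escapes both quote styles (required when the value lands inside
// an attribute), ENT_SUBSTITUTE replaces invalid byte sequences instead of
// returning an empty string, and the explicit charset avoids mis-decoding.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderSafe(string $title): string
{
    return "<h1>" . e($title) . "</h1>";
}

// Escaping is also needed when the stored value is pre-filled back into the
// edit form; ENT_QUOTES keeps a title containing a double quote from closing
// the value="..." attribute early.
function renderEditField(string $title): string
{
    return '<input type="text" name="title" value="' . e($title) . '">';
}

echo renderUnsafe($untrustedTitle), PHP_EOL;
echo renderSafe($untrustedTitle), PHP_EOL;
echo renderEditField($untrustedTitle), PHP_EOL;
```

Run it from the command line (php example.php) and compare the two heading lines: the first contains a live script tag, the second contains only entities, which the browser displays as the literal text the user typed. Escape at the moment of output, in every place a stored value is echoed (headings, table cells, attribute values), rather than once on the way into the database; the database should keep the original text, and each output context decides how it must be encoded.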