Pritesh,
I would never be so bold to say that anything I write is 100% secure, and keep in mind that what is secure today, might not be next month. We all need to do our very best to stay on top of security best practices as they continue to evolve.
I used PDO with prepared statements for all database interaction, which provides a great level of protection against SQL injection, and before the URL is inserted into the database, it is validated.
That being said, you should always treat user input as suspect and apply any additional filtering and validating as you see fit.
Sandeep has a new article on the subject that you should find very interesting: http://phpmaster.com/8-practices-to-secure-your-web-app/
I hope that helps.
Thank you for reading the article, and for your comment. I really appreciate it.
Happy PHPing!
By: Alex Fraundorf
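The approach described in the reply above (validate the submitted URL first, then insert it through a PDO prepared statement) as an added example; this is not the article author's code. It assumes PHP with the pdo_sqlite extension so it can run against an in-memory database; the `urls` table and its columns are made-up names, and the sample inputs are constructed.

```php
<?php
// Added example (not the article's code): validate a user-supplied URL,
// then store it with a PDO prepared statement. Uses an in-memory SQLite
// database so it runs offline; the table and column names are assumptions.

declare(strict_types=1);

function validateUrl(string $input): ?string
{
    $url = trim($input);
    // FILTER_VALIDATE_URL rejects malformed URLs and disallowed characters
    // (spaces, for instance), but it accepts any scheme that carries a host,
    // e.g. ftp:, so the scheme is whitelisted explicitly afterwards.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }
    // Length cap is an assumed application limit, not a PHP requirement.
    if (strlen($url) > 2048) {
        return null;
    }
    return $url;
}

function storeUrl(PDO $pdo, string $url): int
{
    // Unsafe form, for contrast (never do this):
    //   $pdo->exec("INSERT INTO urls (url) VALUES ('" . $url . "')");
    // With a bound placeholder the URL reaches the driver as a parameter,
    // never as part of the SQL text, so quotes or comment sequences in it are inert.
    $stmt = $pdo->prepare('INSERT INTO urls (url) VALUES (:url)');
    $stmt->execute([':url' => $url]);
    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Native prepares rather than client-side emulation; matters for MySQL,
// harmless for the SQLite driver used here.
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE urls (id INTEGER PRIMARY KEY AUTOINCREMENT, url TEXT NOT NULL)');

// Constructed sample inputs: benign, injection payload in the path,
// disallowed scheme, and plain garbage.
$samples = [
    'https://example.com/path?x=1',
    "https://example.com/x');DROP%20TABLE%20urls;--",
    'ftp://example.com/file',
    'not a url',
];

foreach ($samples as $raw) {
    $clean = validateUrl($raw);
    if ($clean === null) {
        echo "rejected: $raw\n";
        continue;
    }
    $id = storeUrl($pdo, $clean);
    echo "stored id $id: $clean\n";
}

// The payload row is stored verbatim as data; the table is still there.
$count = (int) $pdo->query('SELECT COUNT(*) FROM urls')->fetchColumn();
echo "rows in urls: $count\n";
```

The second sample is syntactically a valid https URL, so it passes validation and is stored; the point of the prepared statement is that it is stored as an ordinary string rather than executed. Validation and parameter binding address different risks, which is why the reply recommends doing both.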