Hi All
I have been learning PHP and MySql. I have been learning how to fill out a form and use PHP to populate a database on MySql. I have also learned a bit about how to retrieve that information as a CSV for Excel. I am also going to use iFrame tags to put a form on my client's Facebook page. I have learned enough that I believe I can make this happen. I am ready to take my skills to the next level.
My client's Facebook page is already going viral and he is about to give away some high dollar items. A contest. So his Facebook page is going to explode with traffic. In order to enter the contest we are going to need to retrieve personal info, like name, email, address, etc.
I have security concerns. Since this is my first attempt at this, how secure is PHP and MySQL? If I use a username and password on my server that should be enough to protect personal information, right? I will be responsible for a lot of personal information so I don't want to screw this up. Am I over my head?
My second question. I need my client to be able to retrieve that information from the MySql database. I was thinking of creating a page that he can access to retrieve the personal information. But again, there is another security issue. I would probably need to password protect it. Is there a better way to do this?
Here is an example of what I am trying to do http://www.facebook.com/Deergear?sk=app_156351054435971
Thanks for your help.
PHP MySql Security Question
Re: PHP MySql Security Question
There are three main things you need to look out for as far as security is concerned. XSS injections and SQL injections are the big ones. If you're using mysqli then SQL injections shouldn't be a problem. If you're not then you need to use mysql_real_escape_string() around any input you're taking from the user and putting into the database.
Last but not least is what you can do to secure the data. You need to have strong passwords on all of your logins, especially the database connection, limit who has access to the information, and I would also encrypt your member's passwords using SHA1. Add an SSL certificate to seal the deal.
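As an added example (this is not code from the thread or from either poster), here is what the contest entry handler and the client's password-protected CSV export page look like when put together with the points above: mysqli prepared statements, which are the mysqli feature that actually stops SQL injection (the extension by itself escapes nothing, so a concatenated query is just as injectable as with the old mysql_* functions), a password_hash()/password_verify() login for the client page instead of storing SHA1 of the password, htmlspecialchars() on anything echoed back to block XSS, and a guard against Excel treating exported cells as formulas. The table and column names, the DB_* environment variables, the ?action=export routing and the placeholder hash are all assumptions; the whole thing is meant to be served over HTTPS only.

```php
<?php
// Added example, not from the original thread. Assumes a MySQL table created with:
//   CREATE TABLE entries (id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(100),
//                         email VARCHAR(254), address TEXT, created_at DATETIME);
// and DB credentials in environment variables (hypothetical names) rather than in the source.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors instead of failing silently

function db(): mysqli {
    // Use a least-privilege MySQL account that can only INSERT/SELECT on `entries`.
    $db = new mysqli(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'));
    $db->set_charset('utf8mb4');
    return $db;
}

// VULNERABLE (shown for contrast only, never run): input concatenated straight into SQL.
// $sql = "INSERT INTO entries (name, email, address, created_at) VALUES ('$_POST[name]', ...)";
// A name of  x', '', '', NOW()); DROP TABLE entries; --  changes the meaning of the query.

// HARDENED: parameterised query; the bound values are sent separately from the SQL text
// and can never be parsed as SQL, whatever characters they contain.
function saveEntry(mysqli $db, string $name, string $email, string $address): int {
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    $stmt = $db->prepare(
        'INSERT INTO entries (name, email, address, created_at) VALUES (?, ?, ?, NOW())'
    );
    $stmt->bind_param('sss', $name, $email, $address);
    $stmt->execute();
    return $stmt->insert_id;
}

// Client export page. Store only a hash of the client's password, generated once with:
//   php -r 'echo password_hash("choose-a-long-passphrase", PASSWORD_DEFAULT), PHP_EOL;'
const CLIENT_PASSWORD_HASH = '$2y$10$replace-with-the-real-hash'; // hypothetical placeholder

function requireClientLogin(): void {
    session_start();
    if (!empty($_SESSION['client_ok'])) {
        return;
    }
    $supplied = $_POST['password'] ?? '';
    if ($supplied !== '' && password_verify($supplied, CLIENT_PASSWORD_HASH)) {
        session_regenerate_id(true); // new session id after login to prevent fixation
        $_SESSION['client_ok'] = true;
        return;
    }
    header('Content-Type: text/html; charset=utf-8');
    echo '<form method="post"><input type="password" name="password"><button>Log in</button></form>';
    exit;
}

function streamCsv(mysqli $db): void {
    header('Content-Type: text/csv; charset=utf-8');
    header('Content-Disposition: attachment; filename="entries.csv"');
    $out = fopen('php://output', 'w');
    fputcsv($out, ['id', 'name', 'email', 'address', 'created_at']);
    $result = $db->query('SELECT id, name, email, address, created_at FROM entries ORDER BY id');
    while ($row = $result->fetch_assoc()) {
        foreach ($row as $key => $value) {
            // Excel evaluates cells starting with = + - @ as formulas; prefix them so an
            // entrant cannot plant a formula that runs when the client opens the file.
            if (is_string($value) && $value !== '' && in_array($value[0], ['=', '+', '-', '@'], true)) {
                $row[$key] = "'" . $value;
            }
        }
        fputcsv($out, $row);
    }
    fclose($out);
}

// Dispatch (hypothetical: the entry form POSTs here, the client fetches ?action=export).
$db = db();
if (($_GET['action'] ?? '') === 'export') {
    requireClientLogin();
    streamCsv($db);
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    saveEntry($db, $_POST['name'] ?? '', $_POST['email'] ?? '', $_POST['address'] ?? '');
    // Echo user input back only through htmlspecialchars() so it cannot become script or markup.
    echo 'Thanks, ' . htmlspecialchars($_POST['name'] ?? '', ENT_QUOTES, 'UTF-8') . '!';
}
```

Two practical notes: mysqli_report() in strict mode makes a failed prepare or execute throw instead of returning false, which is what you want when the alternative is silently dropping contest entries; and the export page should sit behind the same HTTPS certificate as the form, because a password gate over plain HTTP protects nothing once the password and the CSV cross the network in the clear.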