Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
I just finished coding my first MySQL / PHP project. It's a shopping cart for a website I designed for a client. I'm concerned about security because I'm fairly ignorant on the subject. I'm trying to do research but there seems to be a ton of information to take in. What do you guys do when you're done coding something to test it for vulnerabilities?
The only precaution I've taken so far is that the website has an SSL certificate and always runs in HTTPS. The forms in the checkout portion have some JavaScript validation, but I don't know if that matters. A bot can just turn off JS, right?
Is there a checklist of things I should be checking?
Ensure that all validation is carried out server-side as well as client-side. As you stated, JavaScript can easily be disabled, bypassing any checks you have in place.
Well, you haven't posted any code so we can't tell. But if we assume the validation you have is validating and escaping all user input and encoding any output, then yes, your database is safe.
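The two replies above come down to three things: validate on the server no matter what the browser did, bind user input to the query instead of pasting it into SQL, and encode every untrusted value when it is echoed back as HTML. The script below is an added example, not code from the original poster or from any reply; it assumes a hypothetical `orders` table with `product_id`, `quantity`, `email` and `note` columns and uses an in-memory SQLite database so it runs offline (the MySQL DSN you would use in production is shown in a comment).

```php
<?php
// Added example (not from the thread): server-side validation of a checkout form,
// a prepared-statement insert, and HTML-encoded output.
// Assumed schema: orders(id, product_id, quantity, email, note).
declare(strict_types=1);

/**
 * Validate raw form fields. Runs regardless of any client-side JavaScript,
 * because a client can send whatever it likes.
 * Returns ['ok' => bool, 'errors' => [field => message], 'data' => [clean values]].
 */
function validateCheckout(array $input): array
{
    $errors = [];
    $data   = [];

    // product_id: positive integer only. FILTER_VALIDATE_INT rejects "", "1.5", "1 x" etc.
    $productId = filter_var($input['product_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($productId === false) {
        $errors['product_id'] = 'invalid product';
    } else {
        $data['product_id'] = $productId;
    }

    // quantity: bounded integer, so zero, negative or absurd amounts are refused.
    $quantity = filter_var($input['quantity'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 99]]);
    if ($quantity === false) {
        $errors['quantity'] = 'quantity must be between 1 and 99';
    } else {
        $data['quantity'] = $quantity;
    }

    // email: syntactic check plus a length cap (254 is the practical RFC limit).
    $email = trim((string)($input['email'] ?? ''));
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'invalid email address';
    } else {
        $data['email'] = $email;
    }

    // note: free text. Cap the length and reject control characters, but do not try to
    // strip HTML here; HTML is handled by encoding at output time, not on input.
    $note = (string)($input['note'] ?? '');
    if (strlen($note) > 500 || preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $note) === 1) {
        $errors['note'] = 'note is too long or contains invalid characters';
    } else {
        $data['note'] = $note;
    }

    return ['ok' => $errors === [], 'errors' => $errors, 'data' => $data];
}

/** Insert the validated order with bound parameters; values never touch the SQL string. */
function saveOrder(PDO $pdo, array $data): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO orders (product_id, quantity, email, note) VALUES (:pid, :qty, :email, :note)'
    );
    $stmt->bindValue(':pid',   $data['product_id'], PDO::PARAM_INT);
    $stmt->bindValue(':qty',   $data['quantity'],   PDO::PARAM_INT);
    $stmt->bindValue(':email', $data['email'],      PDO::PARAM_STR);
    $stmt->bindValue(':note',  $data['note'],       PDO::PARAM_STR);
    $stmt->execute();
    return (int)$pdo->lastInsertId();
}

/** Output encoding: every untrusted value goes through this before being echoed into HTML. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Offline demo database. In production you would use something like
// new PDO('mysql:host=localhost;dbname=shop;charset=utf8mb4', $user, $pass, $opts)
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, product_id INTEGER, quantity INTEGER, email TEXT, note TEXT)');

// Constructed sample request standing in for $_POST. The note contains angle brackets
// to show that output encoding, not input stripping, keeps the page safe.
$sample = ['product_id' => '42', 'quantity' => '3', 'email' => 'buyer@example.com', 'note' => 'Leave at <front> door'];

$result = validateCheckout($sample);
if (!$result['ok']) {
    foreach ($result['errors'] as $field => $msg) {
        echo '<p class="error">' . h($field) . ': ' . h($msg) . "</p>\n";
    }
} else {
    $orderId = saveOrder($pdo, $result['data']);
    echo '<p>Order ' . h((string)$orderId) . ' placed for ' . h($result['data']['email']) . '</p>' . "\n";
    echo '<p>Note: ' . h($result['data']['note']) . '</p>' . "\n";
}
```

Two points the snippet does not cover but a cart needs: the price and total must be looked up server-side from `product_id`, never taken from a hidden form field the browser can edit, and state-changing forms such as checkout should carry a per-session CSRF token that the handler checks before doing anything else.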
All TLS/SSL does is encrypt the connection so that your packets cannot be intercepted and read. (For passwords, usernames and any other sensitive bits of information.)
Security is a huge subject and cannot simply be covered by a checklist, just keep reading and reading about it all! You'll pick up new techniques and if you get stuck, post on here, I'm sure someone can help if you're specific.