Securing PHP
In this section, we will go over the possible security issues on the application side. It is always recommended to filter the content on the server. The filtering can be performed at various levels. We can begin by verifying if the type of the input that we expect is the same as the type of the input we get. We can use PHP's functions such as is_int, is_numeric, is_float, and is_string, explained as follows:
is_int: This function is used to verify if the input is an integeris_numeric: This function is used to verify if the input is a number or a numeric stringis_float: This function is used to verify if the input is a floating-point numberis_string: This function is used to verify if the input is a string
Once we verify that the incoming input is same as expected, we can look for any cross-site scripting vulnerability that the incoming input may carry. To prevent any cross-site scripting vulnerability from creeping in, it is always advisable to filter the data before storing...
