HelPHP

Security
in package

Tags
class

Security

Small but important class, it secured all entering requests to avoid any kind of injection.

There is security measure at server level (.htaccess mod_security etc), in the javascript side (validator.js etc), but it's still possible to forge a request directly to the server from cli or another unknow method,

so the execution of Security::process_all_data is made at init to avoid any kind of injection. It protect also against script injection in UI, partial protection against URL spoofing.

HelPHP_module check also if the column names of data exist in the DB, plus the DB class that offer prepared queries.

The session protect itself too (against session spoofing and cookie stealing etc)...

We have the chance to never suffer from hacking (except from a bit of ddos on hosting server a long time ago) and we hope it will continue like that. But of course if you find a security hole in HelPHP, we'll be pleased to discuss about it and modify our code.

Thanks a lot for your concern.

Table of Contents

Methods

__construct()  : mixed
get_base_url()  : mixed
my_real_escape_string()  : mixed
process_all_data()  : mixed
secure_sql_string()  : mixed

Methods

__construct()

public __construct() : mixed

get_base_url()

public static get_base_url() : mixed

my_real_escape_string()

public static my_real_escape_string(mixed $str) : mixed
Parameters
$str : mixed

process_all_data()

public static process_all_data() : mixed

secure_sql_string()

public static secure_sql_string(mixed $str) : mixed
Parameters
$str : mixed 

        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results