Tuesday, June 15, 2010

Check List for PHP v1.0

1- To remove HTML from a string use strip_tags($str); a pattern such as preg_replace('/<\w>/', " ", $str) only matches one-letter tags like <b> and misses closing tags, attributes and anything longer.
2- Escape data before it goes into SQL: addslashes() is not enough on its own (it knows nothing about the connection charset); use mysql_real_escape_string() on an open connection or, better, bound parameters (PDO or mysqli prepared statements).
3- Also escape on output with htmlentities($str, ENT_QUOTES, 'UTF-8'); without ENT_QUOTES single quotes are left untouched and can break out of a single-quoted attribute.
4- Enforce a maximum length on every field.
5- Check for special characters: validate each value against an allow-list of what it may contain (a regex for a username, a range for a number) rather than trying to enumerate the bad ones.
6- Check for HTML characters that could be inserted into the page; the reliable fix is still to escape on output (item 3), whatever the input check let through.
7- Set focus on one element in the form (usability rather than security).
8- Use memcache for database caching.
9- Secure session IDs: let PHP generate them rather than deriving them from something predictable (a hash of a fixed string such as sha1('wqwq') is computable by anyone), and call session_regenerate_id(true) after login so a pre-login ID cannot be fixated on the user.
10- Use mysql_real_escape_string() on cookie data before it reaches a query. This escapes, it does not validate: still check the value's format (item 5), and remember the function needs an open MySQL connection to know the charset.
11- Never include, require, or otherwise open a file with a filename based on user input without thoroughly checking it first. In the following example $page comes straight from the request (via register_globals or $_GET), so an attacker can name ../../../etc/passwd, or a remote URL if allow_url_include is on, and have it included:
if(isset($page))
{
  include($page);
}
12- When putting stored text back into a textarea, strip the <br> tags first (the pattern in preg_replace('//i', '', $text) is meant to match <br>), otherwise they show up literally in the box; cleaner still is to store the raw text and apply nl2br() only when rendering.
13- get_magic_quotes_gpc() tells you whether magic_quotes_gpc already added slashes to GET, POST and cookie data, so you do not escape twice; magic quotes are deprecated as of PHP 5.3 and removed in 5.4, so do not rely on them.
14- Use FCKeditor for HTML entry, but still sanitize the submitted HTML on the server: the editor runs in the browser and anyone can bypass it.
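The hardened side of items 2, 3, 5, 9, 10 and 11 in one place, as an added example that is not part of the original checklist. It targets PHP 7 or later, uses an in-memory SQLite database built here so it runs from the command line, and the page allow-list, table layout and cookie values are constructed for the demonstration.

```php
<?php
// Added example (not the original post's code). Assumes PHP 7+, the pdo_sqlite
// extension, and a hypothetical pages/ directory for the allow-listed includes.

// Item 11: never pass user input to include(). Map the request value onto a
// fixed allow-list; anything not in the map is rejected before include() runs.
const PAGE_MAP = [
    'home'    => __DIR__ . '/pages/home.php',
    'about'   => __DIR__ . '/pages/about.php',
    'contact' => __DIR__ . '/pages/contact.php',
];

function resolve_page(string $requested): ?string
{
    // '../../etc/passwd', 'http://evil/shell.txt' and 'php://input' all
    // fall through to null because they are not keys of the map.
    return PAGE_MAP[$requested] ?? null;
}

// Items 3 and 6: escape on output, with ENT_QUOTES and an explicit charset so
// single quotes inside attributes and multibyte input are both handled.
function h(string $s): string
{
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

// Items 4 and 5: a length limit plus an allow-list of characters.
function valid_username(string $u): bool
{
    return strlen($u) <= 32 && preg_match('/^[A-Za-z0-9_.-]+$/', $u) === 1;
}

// Items 2 and 10: a cookie value that reaches SQL is bound as a parameter,
// so the database never sees it as part of the statement text.
function find_user_by_token(PDO $db, string $token): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE token = :t');
    $stmt->execute([':t' => $token]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Item 9: PHP generates the session ID; the ID is regenerated on login so a
// value planted before authentication is thrown away. Cookie-only transport
// and HttpOnly keep the ID off the URL and away from page scripts.
function start_secure_session(): void
{
    ini_set('session.use_only_cookies', '1');
    ini_set('session.cookie_httponly', '1');
    session_start();
}

function on_login(int $userId): void
{
    session_regenerate_id(true);   // delete the pre-login session record
    $_SESSION['user_id'] = $userId;
}

// --- demonstration with constructed inputs; no web server needed ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, token TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 'abc123')");

// A hostile cookie value: concatenated into the query it would match every row;
// bound as a parameter it is compared literally and matches nothing.
$hostileCookie = "x' OR '1'='1";
var_dump(find_user_by_token($db, $hostileCookie));
var_dump(find_user_by_token($db, 'abc123'));

var_dump(resolve_page('about'));
var_dump(resolve_page('../../etc/passwd'));

var_dump(valid_username('alice_01'));
var_dump(valid_username("alice'; DROP TABLE users; --"));

echo h('<script>alert("x")</script>'), "\n";
```

start_secure_session() and on_login() are defined but not called above, since session cookies only make sense under a web server; wire them in at the top of the request and at the point where the password check succeeds. The SQLite database stands in for MySQL only so the script runs offline; the prepare/execute pattern is the same against a MySQL DSN.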

