Chapter 10. Web Application Security


The security of your Web applications is such an important topic that I always include a specific chapter on the subject in my books. Although I've been mentioning security-related issues throughout this book, this chapter will help to fill in certain gaps and finalize other points.

The most important concept to understand about security is that your Web site will not be either secure or not secure. What it will be is more secure or less secure. Security isn't a switch that you turn on and off; it's a scale that you can move up and down. Also, keep in mind that improved security normally comes at a cost of convenience (to both you, the programmer, and to the end user) and performance. Increased security normally means more code, more checks, and more required of the server. So when developing your Web applications, think about these considerations and make the right decisions (for the particular situation) from the outset.

The topics discussed here include extended form validation with PHP, accounting for HTML in submitted form data, using type casting, form validation with JavaScript, using regular expressions, and database security. Unlike the past couple chapters (which used a cohesive series of examples), this chapter will use several discrete scripts.



    PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (2nd Edition)
    ISBN: 0321336577
    EAN: 2147483647
    Year: 2005
    Pages: 166
    Authors: Larry Ullman
