On May 5, 5:37 pm, "alvarojavierv...@gmail.com"
<alvarojavierv...@gmail.comwrote:
What is best way that you use (technique) to get safe
(may be your site or system)?
That depends almost completely on what your site does and how it is
done. For general things, you can disable PHP's register_globals
option (you'll find that in php.ini, or you can write a short snippet
that unregisters the globals like phpBB forums do, or .htaccess can
sometimes help with PHP switches) and mysql_real_escape_string()
specific input before inserting into your database to prevent SQL
injection (magic_quotes may be enabled already, it's preferable to
disable that and escape stuff yourself so you can be sure it's working
all of the time).
You can also give mod_security a try, some hosts implement it
(DreamHost does). It covers a some things you might miss.
http://www.modsecurity.org/projects/...che/index.html
-Mike PII