List of All Basic PHP Security You Need to Know | PHP Security for Beginners | PHP Security Lesson

  • added 5. 09. 2024

Comments • 43

  • @Dani_Krossing
    @Dani_Krossing  1 year ago +16

    Do know that this video does NOT cover ALL security in PHP. 👈 But it is a really good starting point for beginners, to learn PHP security. 🙂 I have to disclaim this, since some people will inevitably skip reading the title, the description, and the intro to the video, and then proceed to tell me in the comments that "this isn't ALL security! CLICKBAIT!" 😂

    • @tiagoborges5108
      @tiagoborges5108 1 year ago

      I appreciate this video, but why not make a video with a login form or a pay out to better exemplify the concepts?

    • @ReptilianXHologram
      @ReptilianXHologram 1 year ago +2

      Where can I go to find where there is something that does cover ALL security in PHP?

    • @earthssatisfaction6878
      @earthssatisfaction6878 11 months ago

      I've tried using the header function to check if the user ended up on the validation.php page without submitting the form, but it doesn't work.
      I'm using 000webhost to host my test website and I think it has something to do with them,
      if I use header at the end of the validation or to check if the user submitted the form, I get an error saying that I'm not allowed to change header and stuff
      Warning: Cannot modify header information - Header already sent by (Output started at /blog/wp-config.php:31) something like this...
      and, if I don't use $_server self in the action of the form, after submitting I get stuck on the white php validation page...
      are these types of errors a result of webhosting or what?
      another problem that I've had, was space lines in textarea when users send a message or comment
      messages with a line empty...would not send the email
      I've figured it out with a function nl2br()... found the fix on a forum...
      but now I'm stuck in the email with and html characters for ? or ' and so on

    • @musicisasuperpower
      @musicisasuperpower 9 months ago +3

      @ReptilianXHologram The main rule with security is don't try to do everything yourself, esp. regarding encryption etc. It is better to use frameworks or plugins which are used and tested by 100,000 other developers.

    • @ReptilianXHologram
      @ReptilianXHologram 3 months ago

      @musicisasuperpower I see your point but I just want to know the main ones I should learn about myself/the most important ones.

  • @abdullahikabri5912
    @abdullahikabri5912 8 months ago +4

    Dani is probably the programmer I was looking for, defies all the common programming semantics with an easy and comprehensive style. Super thanks to you man!

  • @x7khalid
    @x7khalid 1 year ago +3

    I really learned new stuff from this video.
    Thanks for the effort to show it as a video.

  • @OnyeStephen
    @OnyeStephen 1 year ago +3

    I keep looking forward to your videos, and like them before watching

  • @muhammadyahaya7795
    @muhammadyahaya7795 1 year ago +3

    I have been enjoying your recent videos on PHP, man, you are doing well. To fully grasp all these concepts it would be nice if you can make a video tutorial coding an application (complex one) which will give more insight on how to implement these things. Thanks 🚀⭐

  • @ionutcornea5469
    @ionutcornea5469 1 year ago +3

    Great video as always, Dani! Gbu!

  • @matteoporrani4271
    @matteoporrani4271 1 year ago +3

    I really like your videos, please keep going!!

  • @jediampm
    @jediampm 1 year ago +1

    Hi, thanks.
    indeed it is a good video. You all should keep it in your bookmarks browser. 👌

  • @basilistigris640
    @basilistigris640 1 year ago +1

    thank you for great PHP Security for Beginners

  • @richarddelaltre8804
    @richarddelaltre8804 1 month ago

    Please make a video for native PHP pessimistic locking.

  • @legendofgaming8481
    @legendofgaming8481 1 year ago +1

    This is amazing content! Might need part 2

  • @sudhakar7400
    @sudhakar7400 1 year ago +1

    Really, you're doing a great job. Thank you

  • @ayoxen4031
    @ayoxen4031 7 months ago

    Could you extend your last PHP course by adding security based video where you actually implement those things?

  • @mdatheeb
    @mdatheeb 1 month ago

    I'm the 999th like on this video 😃

  • @sonamohialdin3376
    @sonamohialdin3376 1 year ago +1

    Very helpful tutorial thank you

  • @nouralihassan2482
    @nouralihassan2482 1 year ago

    Sir, you are very good at clarifying everything and I get it when I'm only with you; if I leave I don't remember even the code, so plz help me out bro

  • @mortwain1809
    @mortwain1809 1 year ago +2

    Thnx for video

  • @zeekronofficial8124
    @zeekronofficial8124 1 year ago +1

    Amazing mahn. thanks for this insightful tutorial

  • @user-mf3kp4ec3k
    @user-mf3kp4ec3k 1 year ago

    You have really helped me in writing a really good website, love your videos, very informative.
    Please can I ask if you can consider writing a forgotten password video in the MVC model? I've managed to do it with the uploading gallery video you have, struggling to get forgotten password one to work in MVC model. Would appreciate the help. 🙃

  • @orangetelecom6600
    @orangetelecom6600 8 months ago

    Very useful. Thank you so much

  • @SnakesRaven
    @SnakesRaven 1 year ago +1

    Hero! 👍

  • @glenrose9092
    @glenrose9092 1 year ago +1

    Super good video!

  • @peterg902
    @peterg902 1 year ago

    Fairly new to this area. Wouldn't it be better to keep the CSRF token out of a hidden field form, and just check the session variable when the form is submitted to its script (e.g., hidden form fields contents can be easily accessed and stolen)?

    • @Dani_Krossing
      @Dani_Krossing  1 year ago +3

      CSRF works by keeping a token locally and on the server. And whenever a user performs a request, we compare the tokens to check if they match. And this can be done either using a hidden input, a custom HTTP header using JavaScript, or by passing it through the URL. 🙂 There is no danger in keeping it in a hidden input, as long as you protect against XSS attacks, and make sure not to visibly expose it all over your application. The only "bad thing" that happens if a user changes it using the developer tool, is that the request fails on the next page. 🙂 So worst case, the user just receives an error message.
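
The token comparison described in the reply above, sketched in PHP as an added example (it is not code from the video or from any commenter). The function names and the `csrf_token` field name are assumptions, and plain arrays stand in for `$_SESSION` and `$_POST` so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// Added illustration. Function names and the field name "csrf_token" are
// assumptions, not taken from the video or the comment thread.

// Return the per-session token, creating it on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 64 hex chars
    }
    return $session['csrf_token'];
}

// Hidden input carrying the token; escaped like any other value put into HTML.
function csrf_field(array &$session): string
{
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

// True only when the submitted token matches the server-side copy.
function csrf_check(array $session, array $post): bool
{
    $expected  = $session['csrf_token'] ?? '';
    $submitted = $post['csrf_token'] ?? '';
    // Reject a missing token and non-string input such as csrf_token[]=x.
    if (!is_string($expected) || !is_string($submitted) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $submitted); // timing-safe comparison
}

// Constructed demo: plain arrays stand in for $_SESSION and $_POST.
$session = [];
echo csrf_field($session), PHP_EOL;

$requests = [
    'token from the form'   => ['csrf_token' => $session['csrf_token']],
    'edited in dev tools'   => ['csrf_token' => 'changed-by-user'],
    'field missing'         => [],
    'array instead of text' => ['csrf_token' => ['x']],
];
foreach ($requests as $label => $post) {
    echo $label, ': ', csrf_check($session, $post) ? 'accepted' : 'rejected', PHP_EOL;
}
```

In a real page, call `session_start()` first and pass `$_SESSION` and `$_POST` to these functions.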

  • @yasiramer2013
    @yasiramer2013 1 year ago +1

    Perfect.

  • @teemos2732
    @teemos2732 5 months ago

    You sir, are l337 ;o) Thank you.

  • @TheHogPresident
    @TheHogPresident 1 year ago

    I know this isn't all security when it comes to PHP but would an application be really secure with only these principles in your opinion?

    • @Dani_Krossing
      @Dani_Krossing  1 year ago +1

      No. These are just the basics. This is also why many prefer frameworks, because they have “out of the box” security, since security is such a big area of PHP.

    • @TheHogPresident
      @TheHogPresident 1 year ago

      @Dani_Krossing will you be making videos going over what frameworks are?

  • @ParthSolanki-y7v
    @ParthSolanki-y7v 23 days ago

    PHP Security Best Practices:
    1. Validate Input.
    2. Sanitize Output.
    3. Use Prepared Statements.
    4. Try to remember these steps on Monday... 😅

  • @ahmadbelkadi2766
    @ahmadbelkadi2766 1 year ago

    We need part2

  • @Stoney_Eagle
    @Stoney_Eagle 1 year ago +2

    Lemme hack you, hold my beer 😂

  • @sabeloshange6335
    @sabeloshange6335 1 year ago +1

    1st

  • @adilechalh4753
    @adilechalh4753 6 months ago

    Mrbeast ????????????

  • @20toninho
    @20toninho 11 months ago

    It's the first time that I'm seeing this video, but this dude looks like Elon Musk too much to pay attention to the video content