
5.2. Filter Input, Escape Output

The phrase filter input, escape output—sometimes abbreviated to FIEO—has become a mantra for security in PHP applications. It refers to a practice used to avoid situations where user input can be interpreted to have semantic meaning beyond the simple data it represents.

These types of situations are a common source of several attack vectors. They contributed to the development of the magic quotes PHP configuration settings introduced in PHP 2 and deprecated in PHP 5.3.[8] These settings were a technical measure implemented in an attempt to solve a social problem: the lack of education about security vulnerabilities in the general population of junior-level PHP developers.

[8] For more on magic quotes, visit Wikipedia’s page on the subject: http://en.wikipedia.org/wiki/Magic_quotes
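As an added illustration of the practice described above (example code written for this page, not taken from the book), the following applies "filter input, escape output" to a comment form: each input field is validated against what it is allowed to contain, and the accepted data is then escaped for the HTML context and kept out of the SQL grammar with bound parameters. The `comments` table, its columns and the field names are assumptions.

```php
<?php
// Added example (not from the book): "filter input, escape output" applied to a
// comment form. Escaping is context-specific: the same string needs different
// treatment when it lands in HTML than when it lands in SQL.

declare(strict_types=1);

// 1. Filter input: validate each field against what it is allowed to be, reject the rest.
function filterCommentInput(array $raw): array
{
    $postId = filter_var($raw['post_id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($postId === false) {
        throw new InvalidArgumentException('post_id must be a positive integer');
    }
    $author = trim((string)($raw['author'] ?? ''));
    if (!preg_match('/^[\p{L}\p{N} .\'-]{1,40}$/u', $author)) {
        throw new InvalidArgumentException('author contains characters outside the allowed set');
    }
    $body = (string)($raw['body'] ?? '');
    if ($body === '' || strlen($body) > 2000) {
        throw new InvalidArgumentException('body must be 1..2000 bytes');
    }
    return ['post_id' => $postId, 'author' => $author, 'body' => $body];
}

// 2a. Escape output for the HTML context: the browser must see text, never markup.
function renderCommentHtml(array $c): string
{
    $h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p><b>' . $h($c['author']) . '</b>: ' . $h($c['body']) . '</p>';
}

// 2b. For the SQL context, do not build the statement from data at all:
//     bound parameters keep the data outside the statement's grammar. (Assumed table/columns.)
function storeComment(PDO $db, array $c): void
{
    $stmt = $db->prepare('INSERT INTO comments (post_id, author, body) VALUES (:pid, :author, :body)');
    $stmt->execute([':pid' => $c['post_id'], ':author' => $c['author'], ':body' => $c['body']]);
}

// Constructed sample input (not real request data): the body carries markup that
// would be interpreted as a script element if echoed into the page unescaped.
$sample = ['post_id' => '42', 'author' => "O'Brien", 'body' => '<script>alert(1)</script> nice post'];
$clean  = filterCommentInput($sample);
echo renderCommentHtml($clean), PHP_EOL;
```

Note that the filter step decides what the data may be, while the escape step is chosen by where the data goes; storing a pre-escaped string, as magic quotes did, conflates the two and breaks every other output context.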