This is very important security check to find PHP code/script in an uploaded file or text entered in Text Area/Box to prevent its execution. Sometimes, hackers or spammers attacks to the database through the commonly used contact form or registration form having the option of file upload or text via text area. To ensure the security, we should check whether the uploaded file or text coming from text area contains some PHP script/code. It may harm your database once it’s inserted into the database.
Some developers uses a check to find “<?php” but it is not practical, also it may create ambiguity. Be practical, whether the file contains harmful php code it doesn’t do anything if we prevents it’s execution or store these php files at the place where they can’t be executed by PHP Interpreter.
1.Keep all such files at the same place (directory) and put a .htaccess file in its root with the following code-
1.Keep all such files at the same place (directory) and put a .htaccess file in its root with the following code-
php_flag engine off
This will also helps to prevent the execution of php scripts embedding within the .gif files.
2. You can also ask the Apache handler through the handler command. This will force all the files present in a specific directory to be processed by a certain handler given by you-
<Location /web/uploads/files> SetHandler None </Location>
I hope the above ways of security check of php code was helpful and works well in your next development project. Let me know if still you’ve any doubt regarding the same and share your knowledge or experience below in comment to help others.
Loading ...
