Hey, I'm working on my first PHP site, and was hoping to get some thoughts from you guys.
1- I'm using a txt file database, because it's a simple set of scripts. I know that's not recommended, but I wanted to work with it some, before getting into MySQL. Thoughts on this in general? Pros, cons? Vulnerable?
2- Related to the previous question ... security. So far I have some basic form input cleaner functions like: trim, strip_tags, preg_replace, htmlentities. Sound adequate? Overkill? Thoughts? Are there any ways to safely test the security of a script, before sending it out into the webs?
I'm learning here, so any info is greatly appreciated. Thanks!
PS- there is no registration for users. Just some submission forms and a display of those submitted entries.
(1) A text file database is very difficult to get working right. You will have multiple requests stomping over each other trying to edit your file concurrently. You'd be better off just getting into SQL right away.
(2) Make sure to use parameterized queries to prevent SQL injection, and to properly encode strings before injecting them into HTML, URLs, or other similar places. As for testing, disable or bypass any and all client checks, and try to insert long strings with weird characters as inputs into your forms.
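To put both points of that answer together, here is an added example (not the poster's code and not from the thread): a submit-and-display page that uses SQLite through PDO instead of a text file, binds form values as parameters instead of splicing them into SQL, validates on the server rather than trusting the form, and HTML-encodes at output time. The database file name, the table layout and the form field names are assumptions made for the example.

```php
<?php
// Added example, not the original poster's code. SQLite through PDO needs no
// server, so it is a drop-in step up from a flat file and it handles concurrent
// writes for you. File name, table and field names are assumptions.

declare(strict_types=1);

function openDb(string $path = __DIR__ . '/entries.sqlite'): PDO
{
    $db = new PDO('sqlite:' . $path);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Real prepared statements, not client-side emulation.
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $db->exec('CREATE TABLE IF NOT EXISTS entries (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        name TEXT NOT NULL,
        message TEXT NOT NULL,
        created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
    )');
    return $db;
}

// Validate on the server. The form's maxlength or any JavaScript check can be
// bypassed trivially, so length and presence are enforced here.
function validateSubmission(array $post): array
{
    $name    = trim((string)($post['name'] ?? ''));
    $message = trim((string)($post['message'] ?? ''));
    $errors  = [];
    if ($name === '' || mb_strlen($name) > 64) {
        $errors[] = 'name must be 1-64 characters';
    }
    if ($message === '' || mb_strlen($message) > 2000) {
        $errors[] = 'message must be 1-2000 characters';
    }
    return [$name, $message, $errors];
}

// The values travel as bound parameters, so quotes, semicolons or "--" in the
// input are stored as data and never become part of the SQL text.
function saveEntry(PDO $db, string $name, string $message): void
{
    $stmt = $db->prepare('INSERT INTO entries (name, message) VALUES (:name, :message)');
    $stmt->execute([':name' => $name, ':message' => $message]);
}

// Encode at output time, for the context the data lands in (here: HTML body).
// Storing raw text and encoding on the way out keeps the data reusable.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderEntries(PDO $db): string
{
    $rows = $db->query('SELECT name, message, created_at FROM entries ORDER BY id DESC LIMIT 50')
               ->fetchAll(PDO::FETCH_ASSOC);
    $html = "<ul>\n";
    foreach ($rows as $r) {
        $html .= '<li><strong>' . e($r['name']) . '</strong> (' . e($r['created_at']) . '): '
               . e($r['message']) . "</li>\n";
    }
    return $html . "</ul>\n";
}

$db = openDb();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    [$name, $message, $errors] = validateSubmission($_POST);
    if ($errors === []) {
        saveEntry($db, $name, $message);
        // Redirect after POST so a refresh does not resubmit the entry.
        header('Location: ' . $_SERVER['REQUEST_URI'], true, 303);
        exit;
    }
    foreach ($errors as $err) {
        echo '<p>' . e($err) . "</p>\n";
    }
}
?>
<form method="post">
  <input name="name" maxlength="64">
  <textarea name="message"></textarea>
  <button>Submit</button>
</form>
<?php echo renderEntries($db); ?>
```

To test it the way the answer suggests, skip the browser and post directly, e.g. `curl -d "name=<script>alert(1)</script>&message=x'); DROP TABLE entries; --" http://localhost:8000/` against `php -S localhost:8000`. The script tag should come back as visible text in the list, the table should still exist, and an over-long `message` should be rejected even though the form never allowed one.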