Essential PHP Security
A Guide to Building Secure Web Applications
Publisher: O'Reilly Media
Final Release Date: October 2005
Pages: 130

Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.

Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.

In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.

Topics covered include:

  • Preventing cross-site scripting (XSS) vulnerabilities
  • Protecting against SQL injection attacks
  • Complicating session hijacking attempts

You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.

Customer Reviews

Reviewed by 5 customers
A small book for a big topic

By Ton van Lankveld

from Boekel, the Netherlands

About Me: Designer, Educator

Verified Buyer

Pros

  • Easy to understand
  • Well-written

Cons

  • Not comprehensive enough
  • Too basic
Best Uses

  • Novice

Comments about oreilly Essential PHP Security:

Now it's obvious for all to see that the Internet is far from secure; it is almost painful to see how few pages are spent on this important topic.
The idea is good, but there is more information on the security aspect of this language than in the above booklet.
IMHO Chris Shiflett should sit down and do some serious writing. The topic lends itself to a book the size of Lord of the Rings.


Essential is the right word

By Federico Freonius Pirani

from Milan, Italy

About Me: Developer

Verified Reviewer

Pros

  • Easy to understand
  • Helpful examples
  • Well-written

Cons

  • Too basic

Best Uses

  • Novice
  • Student

Comments about oreilly Essential PHP Security:

Even though the first chapters are a bit too basic for a PHP programmer with some experience, as you go on reading you can find some interesting solutions to improve your security. The best feature, in my opinion, is that shared hosting is taken into consideration, which is very uncommon in the books I have read so far.
If you use superglobals directly in your SQL queries or you are a novice in PHP, this book is for you.

(4 of 4 customers found this review helpful)


Chilling book

By Anonymous

from Undisclosed

Comments about oreilly Essential PHP Security:

I'm no newbie to computer security, but sometimes I feel like reading a good book about security instead of surfing the web for bits and pieces of security-related articles. And this had good reviews, so...

The book started off with the basic stuff: Don't trust input, always escape output, etc. Very basic. In fact I wondered if this book was a little too basic.

And then, with each progressive chapter, my attitude slowly changed from "yeah, yeah", to "hmmmm", to "oops".

It's not only because the author mercilessly brings up exploit after exploit, saying "did you think about this? and how about this, did you think about that?"; it's also because he explains why it's important, how to exploit it, and what people can do to your site if you didn't think about that.

Now, I'll go back to my PHP code and rewrite, oh, one or two classes. Or more.

(3 of 3 customers found this review helpful)


Very good introduction!

By Leam Hall

from Undisclosed

Comments about oreilly Essential PHP Security:

While smaller than many O'Reilly titles, the author wastes no time in helping the new PHP programmer write more secure code. Once you get the best practices in the first chapter down, the other seven chapters each deal with a specific class of vulnerability. You can read chapters 2-8 in any order, and you'll spend some time with the appendices too.

I confess, this book made me want to go back over my code and refactor it from the ground up! Chris gives really easy ways to prevent the more common attacks any internet site faces. A day to a day and a half to read this book and then build your habit library will take you far in building more secure PHP code.

(6 of 6 customers found this review helpful)


Change Your Outlook on Security

By Evan Broder

from Undisclosed

Comments about oreilly Essential PHP Security:

Chris Shiflett recently visited our local PHP Users Group, and after the meeting, I was inspired to buy his book in preparation for a big PHP project.

Without a doubt this has changed how I view security. Before, I was aware of potential holes; I knew what SQL injection was. After reading this book, though, I feel like I have a true grasp on what I have to do to make my code secure.

In fact, I even see the difference when I look at my old code. I see potential problems.

After reading this book, some might say that Chris teaches you to be paranoid, but I would argue that he teaches you to be thorough.

I highly recommend this book for anyone with a little PHP experience.

Buying Options

Ebook: $23.99 (formats: DAISY, ePub, Mobi, PDF)
Print & Ebook: $32.95
Print: $29.95