Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Hidayet Doğan
November 07, 2012
Programming
1.3k
0
Share
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
820
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
450
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.4k
CakePHP ile Pasta Pişirmek
hdogan
1
900
PHP 101
hdogan
1
760
Web Uygulamalarında Güvenlik
hdogan
1
520
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.7k
İnsanlar için PHP
hdogan
0
570
Other Decks in Programming
See All in Programming
AIベース静的検査器の偽陽性率を抑える工夫3選
orgachem
PRO
3
320
PHPで TLSのプロトコルを実装してみるをもう一度しゃべりたい
higaki_program
0
210
HTML-Aware ERB: The Path to Reactive Rendering @ RubyKaigi 2026, Hakodate, Japan
marcoroth
0
140
AI-DLC Deep Dive
yuukiyo
9
4.2k
ルールルルルルRubyの中身の予備知識 ── RubyKaigiの前に予習しなイカ?
ydah
1
180
JAWS-UG横浜 #100 祝・第100回スペシャル AWS は VPC レスの時代へ
maroon1st
0
150
ハーネスエンジニアリングとは?
kinopeee
10
5.4k
VueエンジニアがReactを触って感じた_設計の違い
koukimiura
0
180
tRPCの概要と少しだけパフォーマンス
misoton665
2
210
アーキテクチャモダナイゼーションとは何か
nwiizo
19
5.3k
10 Tips of AWS ~Gen AI on AWS~
licux
5
410
PCOVから学ぶコードカバレッジ #phpcon_odawara
o0h
PRO
0
270
Featured
See All Featured
WCS-LA-2024
lcolladotor
0
540
Are puppies a ranking factor?
jonoalderson
1
3.3k
Joys of Absence: A Defence of Solitary Play
codingconduct
1
350
More Than Pixels: Becoming A User Experience Designer
marktimemedia
3
380
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
madoxten
62
53k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
254
22k
The browser strikes back
jonoalderson
0
980
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
47
8.1k
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
530
Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster
uxyall
0
1.1k
The agentic SEO stack - context over prompts
schlessera
0
750
What does AI have to do with Human Rights?
axbom
PRO
1
2.1k
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
orgachem
higaki_program
marcoroth
yuukiyo
ydah
maroon1st
kinopeee
koukimiura
misoton665
nwiizo
licux
o0h
lcolladotor
jonoalderson
codingconduct
marktimemedia
madoxten
smashingmag
eileencodes
tammyeverts
uxyall
schlessera
axbom
