Lately, I’ve been working on numerous projects where I’m debugging or updating other people’s code. I’m constantly amazed at the poor programming that goes into a lot of these sites. They are filled with SQL injection vulnerabilities, confusing file structures, even remote code execution problems.
Properly escape database queries – By including a user-provided variable directly in a query, you are opening yourself up to SQL injection problems. For example, this code:
mysql_query("SELECT * FROM sometable WHERE somecolumn = '" . $_POST['somevalue'] . "'");
is just plain bad! You are allowing the user to insert arbitrary data into the query without sanitizing it first. Always sanitize your variables before using them in a query, or better yet, use a database abstraction layer like PEAR::DB that does the escaping for you.
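To make the difference concrete, here is an added example (not code from the original post) that puts the unsafe string-building lookup beside the same lookup written as a prepared statement. It assumes a PDO connection; the table and column names `sometable` and `somecolumn` come from the post, while the in-memory SQLite database, the helper names `findUnsafe`/`findSafe` and the sample row data are constructed here so the script runs offline.

```php
<?php
// Added example, not from the original post. Assumptions: a PDO connection
// to a table `sometable` with a column `somecolumn` (names from the post);
// the SQLite database and sample rows below are constructed for the demo.

// UNSAFE: user input is pasted straight into the SQL text, exactly as in the
// mysql_query() line the post criticises. An input as ordinary as  O'Brien
// already breaks the statement (unbalanced quote), and any input containing
// quotes lets the user change what the statement means.
function findUnsafe(PDO $db, string $userValue): array
{
    $sql = "SELECT * FROM sometable WHERE somecolumn = '" . $userValue . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: the SQL text is fixed; the value travels separately as a bound
// parameter, so the database never interprets it as part of the statement.
function findSafe(PDO $db, string $userValue): array
{
    $stmt = $db->prepare('SELECT * FROM sometable WHERE somecolumn = :value');
    $stmt->execute([':value' => $userValue]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demonstration against an in-memory SQLite database so it runs offline.
// The post targets MySQL; the PDO calls are identical there.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sometable (id INTEGER PRIMARY KEY, somecolumn TEXT)');
$db->exec("INSERT INTO sometable (somecolumn) VALUES ('alice'), ('O''Brien')");

// Constructed sample input standing in for $_POST['somevalue'].
$input = "O'Brien";

try {
    findUnsafe($db, $input);
    echo "Unsafe query unexpectedly succeeded\n";
} catch (PDOException $e) {
    echo "Unsafe query failed on ordinary input: ", $e->getMessage(), "\n";
}

$rows = findSafe($db, $input);
echo "Safe query matched ", count($rows), " row(s)\n";
```

The unsafe version throws on the apostrophe in a perfectly legitimate name, which is the same defect an attacker exploits; the prepared statement returns the one matching row. If you are stuck on the old `mysql_*` extension and cannot use prepared statements, escaping every value with `mysql_real_escape_string()` is the minimum, but the PDO or mysqli prepared-statement form is the one to migrate to.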
Don’t store user passwords in clear text! I hate it when sites do this. Combined with an SQL injection attack, this lets an attacker read every username and password in your database. At the very least, you should store the password as an MD5 hash, preferably with some salt, so that even if an attacker manages to read the values in your table, they are much more difficult to use. Since most users re-use passwords, a leaked table also lets attackers try those stolen credentials against other accounts that have nothing to do with your site.
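As an added illustration (not code from the original post), the following script shows the cleartext storage the post warns against next to salted hashing. The post's stated minimum is a salted MD5; this example instead uses PHP's built-in `password_hash()`/`password_verify()`, which generate a random per-user salt and use a deliberately slow algorithm (bcrypt by default), so the stored value is of little use even to someone who can read the whole table. The `$users` array, the function names and the sample credentials are constructed stand-ins for a real user table.

```php
<?php
// Added example, not from the original post. $users is a constructed
// stand-in for the user table; function names are this example's own.

// BAD: the table holds the password itself. Anyone who can read the table
// (SQL injection, a stolen backup, a curious admin) now has every credential,
// and can reuse it wherever the user reused the password.
function registerCleartext(array &$users, string $name, string $password): void
{
    $users[$name] = ['password' => $password];
}

function loginCleartext(array $users, string $name, string $password): bool
{
    return isset($users[$name]) && $users[$name]['password'] === $password;
}

// BETTER: store only a salted hash. password_hash() embeds the random salt
// and algorithm parameters in its output, so nothing else needs storing;
// password_verify() recomputes the hash with that same salt to compare.
function registerHashed(array &$users, string $name, string $password): void
{
    $users[$name] = ['password_hash' => password_hash($password, PASSWORD_DEFAULT)];
}

function loginHashed(array $users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    return password_verify($password, $users[$name]['password_hash']);
}

// Constructed sample data.
$users = [];
registerHashed($users, 'alice', 'correct horse battery staple');
registerHashed($users, 'bob',   'correct horse battery staple');

// Identical passwords produce different stored values because each call
// draws a fresh salt, so a leaked table cannot be attacked by sorting or
// by a single precomputed lookup table.
echo "alice: ", $users['alice']['password_hash'], "\n";
echo "bob:   ", $users['bob']['password_hash'], "\n";

var_dump(loginHashed($users, 'alice', 'correct horse battery staple'));
var_dump(loginHashed($users, 'alice', 'not the password'));
var_dump(loginHashed($users, 'nobody', 'anything'));
```

Run it and note that the two stored hashes differ although the passwords are identical; that is the salt doing its job. If an existing site already has unsalted MD5 values, the usual migration is to verify against the old hash at the user's next login and immediately re-store the password with `password_hash()`.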
Poor file structures can be extra confusing. One of the sites I’m working with now has no less than three copies of most of the code spread between a half dozen directories with no clear association between them. Files in one directory include library files from a completely unrelated directory. In this case, a development branch was using a combination of production and development usernames to access a remote resource, causing extreme amounts of confusion and destroying the integrity of the data.
I’ve also recently been converted to using Subversion to track code changes over time. I used to keep multiple copies of a file (include.php.OLD, include.php.1, OLDinclude.php, you know the drill), but Subversion makes it far easier to keep backup copies and refer back to them if something breaks.