Re: PHP Security


The best way to learn is to start coding and ask lots of questions.
There are plenty of sites on the web which provide shitty code.
DO NOT COPY AND PASTE.
While the urge to simply copy somebody's code and paste it into your application is inviting, this practice only leads to heartache and tears.
You are certainly on the right track when asking about security. While you can write insecure code in any language, PHP perhaps lowers the bar in this regard.
As your question relates to databases, let's start there.
PHP provides PDO for database operations, and allows variable binding and prepared statements.
Prepared statements are great for stopping SQL injection, but this is a last stop.
The real question is: why would you send data to a database query without being sure of the type and length of the data you are sending?
Validation:
Everything coming from userland (eg: a website) should be regarded as insecure.
Sure, you can put some HTML5 or JavaScript validations on an email address, but changing the form type from "email" to "text" is a trivial task.
To be absolutely sure of the content of input, you must create your own validations.
How long can this address be? eg: If the email is being stored in a VARCHAR field, then 255 would be the max length.
It must also contain a "@" character.
It must end in ".something"
These validations must be performed BEFORE you send the email address to the database.

I, and many others here, are happy to answer your questions, and it sounds like you are beginning at the right place.

Kev
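The two points in the reply above (validate length and shape on the server first, then hand the value to the database only through a bound parameter) can be shown together in a few lines of PHP. This is an added example, not code from Kev or from the PHP project; the `subscribers` table, its `email VARCHAR(255)` column, and the PostgreSQL DSN are assumptions made for the illustration.

```php
<?php
// Added example: server-side validation before a PDO prepared statement
// against PostgreSQL. Table, column and DSN are assumptions, not from the thread.
declare(strict_types=1);

const EMAIL_MAX_LENGTH = 255; // assumed to match a VARCHAR(255) column

/**
 * Apply the checks named in the thread: length, exactly one "@", and a
 * domain that ends in ".something". Returns null when the address is
 * acceptable, otherwise a short reason. Pure function, so it is easy to test.
 */
function validateEmail(string $email): ?string
{
    $email = trim($email);
    if ($email === '') {
        return 'empty';
    }
    // strlen counts bytes, which is what the column limit is measured in
    if (strlen($email) > EMAIL_MAX_LENGTH) {
        return 'longer than ' . EMAIL_MAX_LENGTH . ' bytes';
    }
    if (substr_count($email, '@') !== 1) {
        return 'must contain exactly one @';
    }
    [$local, $domain] = explode('@', $email, 2);
    if ($local === '' || $domain === '') {
        return 'missing local part or domain';
    }
    // ".something": a dot followed by at least one non-dot character at the end
    if (!preg_match('/^[^.].*\.[^.]+$/', $domain)) {
        return 'domain must end in ".something"';
    }
    // PHP's built-in filter as a second opinion on the overall syntax
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'rejected by FILTER_VALIDATE_EMAIL';
    }
    return null;
}

/**
 * Store an address that has already passed validateEmail(). The value is
 * bound as a parameter, so it is never interpolated into the SQL text.
 * Returns the new row id (PostgreSQL RETURNING clause).
 */
function storeEmail(PDO $db, string $email): int
{
    $reason = validateEmail($email);
    if ($reason !== null) {
        throw new InvalidArgumentException("invalid email: $reason");
    }
    $stmt = $db->prepare('INSERT INTO subscribers (email) VALUES (:email) RETURNING id');
    $stmt->bindValue(':email', trim($email), PDO::PARAM_STR);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// Constructed sample inputs showing what the validator accepts and rejects.
$samples = [
    'kev@example.org',                 // ok
    'kev@example',                     // no ".something"
    'kev@@example.org',                // two @
    "' OR 1=1 --@example.org",         // still rejected on shape, not on SQL content
    str_repeat('a', 250) . '@example.org', // over 255 bytes
];
foreach ($samples as $s) {
    printf("%-40s => %s\n", substr($s, 0, 40), validateEmail($s) ?? 'ok');
}

// Connecting (assumed DSN and credentials); EMULATE_PREPARES off makes
// PostgreSQL itself handle the parameter binding rather than the PDO driver.
// $db = new PDO('pgsql:host=localhost;dbname=app', 'app', 'secret', [
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
//     PDO::ATTR_EMULATE_PREPARES => false,
// ]);
// $id = storeEmail($db, $_POST['email'] ?? '');
```

The order matters: `validateEmail()` runs before `prepare()`, so a malformed or oversized value never reaches the database at all, and the prepared statement is only the backstop the reply describes.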

On Thu, Jun 25, 2020 at 6:56 AM Ashkar Dev <ashkardev@xxxxxxxxx> wrote:
Hi all,
could anyone give some detail about how to make a PHP web application secure?
for example validation of form while using a PostgreSQL database,

by the way, could you explain how users can freely learn PHP while the code from the PHP website is copyrighted? Are developers able to use code from the PHP website or manual?
