Essential PHP Security and over 2 million other books are available for Amazon Kindle . Learn more

Sign in to turn on 1-Click ordering.
Trade in Yours
For a £0.04 Gift Card
Trade in
More Buying Choices
Have one to sell? Sell yours here
Sorry, this item is not available in
Image not available for
Image not available

Start reading Essential PHP Security on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Essential PHP Security [Paperback]

Chris Shiflett
4.3 out of 5 stars  See all reviews (14 customer reviews)
RRP: £22.83
Price: £16.58 & FREE Delivery in the UK. Details
You Save: £6.25 (27%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Only 3 left in stock (more on the way).
Dispatched from and sold by Amazon. Gift-wrap available.
Want it tomorrow, 1 Nov.? Choose Express delivery at checkout. Details


Amazon Price New from Used from
Kindle Edition £10.79  
Paperback £16.58  
Trade In this Item for up to £0.04
Trade in Essential PHP Security for an Amazon Gift Card of up to £0.04, which you can then spend on millions of items across the site. Trade-in values may vary (terms apply). Learn more

Book Description

23 Oct 2005 059600656X 978-0596006563 1

Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.

Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.

In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.

Topics covered include:

  • Preventing cross-site scripting (XSS) vulnerabilities
  • Protecting against SQL injection attacks
  • Complicating session hijacking attempts

You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.

Frequently Bought Together

Essential PHP Security + Programming PHP
Price For Both: £34.25

Buy the selected items together
  • Programming PHP £17.67

Product details

  • Paperback: 130 pages
  • Publisher: O'Reilly Media; 1 edition (23 Oct 2005)
  • Language: English
  • ISBN-10: 059600656X
  • ISBN-13: 978-0596006563
  • Product Dimensions: 17.9 x 0.8 x 23.3 cm
  • Average Customer Review: 4.3 out of 5 stars  See all reviews (14 customer reviews)
  • Amazon Bestsellers Rank: 33,252 in Books (See Top 100 in Books)
  • See Complete Table of Contents

More About the Author

Discover books, learn about writers, and more.

Product Description


You've heard the nasty stories about PHP sites being wiped off the web by evil hackers? Sadly it's not scare-mongering as it does happen, and as much as we love PHP it needs proper security to keep your site safe from harm. Plenty of PHP books have the odd chapter on security but at last O'Reilly have published a whole volume dedicated to the cause, with all the code you'll need to keep everything in order. Each chapter covers a different aspect of the application, from form processing to database programming and session management. Written in a straight forward style, it's ideal for every PHP user, but at GBP20 you might expect a little more than just 100 pages." .NET, November 2005 "If you write PHP scripts, get a copy" - Alain Williams, news@UK, March 2006

Book Description

A Guide to Building Secure Web Applications

Inside This Book (Learn More)
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index | Back Cover
Search inside this book:

What Other Items Do Customers Buy After Viewing This Item?

Customer Reviews

Most Helpful Customer Reviews
22 of 23 people found the following review helpful
5.0 out of 5 stars Essential reading 13 Nov 2005
We've probably all heard about sql injections, cross side scripting, session hi-jacking and other security issues in PHP, and this book explains what they are, how they happen and how to combat them. More than that though, you'll learn best practices for writing secure php pages.
One of the things I liked about this book is that you don't need to be sat next to your PC to read it. Though it has many nice and clear code examples, it's mainly about principles and theory. Excellent to have on the bedside table.
It isn't a very thick book, but is written in a clear and accessible style, and I found myself going 'aha' all the way through. I read it quickly but have a feeling that I'll return to it often until all those best practices are memorised and I'm 'doing' them.
Worth buying? Definitely. This book should be on every serious PHP programmer's bookshelf.
Comment | 
Was this review helpful to you?
2 of 2 people found the following review helpful
4.0 out of 5 stars Very informative, best practices 12 Feb 2007
This book is very good, and absolutely recommandable.

The book is not very big (~100 pages) and can be read quite fast. It's also an easy read, as the language in the book is not hard as some other technical books might be. The explanations are good, and easy to understand, as well as the reasoning.

I enjoyed this book, and it's a great reference. It's size also allows you to read it again (And that's a great idea - Helps you to remember) to get the most out of the book.

The author knows what he talks about, and his advice really makes sense. You might already be aware of some of the concepts, such as filtering input etc, but Chris explains really well the ideas behind such concepts, and gives great examples of what can go wrong if you fail to follow the simple principles given.

All in all, this is a great book that really helps you, by teaching you best practices from a very experienced web-developer.

And the book is really great as a reference.
Comment | 
Was this review helpful to you?
12 of 14 people found the following review helpful
5.0 out of 5 stars 8 chapters. 30 exploits. Impossibly small 6 Sep 2006
We've all written unsecure code. Then tried to circumvent our weak security measures. It made us better programmers, and made us sleep better knowing our applications were safe. But there is just so far your imagination can go, while thinking up ways to get inside your perfectly secure system.

Essential PHP Security by Chris Shiflett brings you those ideas in a book that looks rather, well small. We've all gotten used to those big, heavy, shelf bending computer books, but this one has just 124 pages. Allow me to get a bit poetic: Don't judge the book by its covers, or rather by the number of pages. This book is the essential reading for all PHP developers, professional and hobbyist alike. It is one of those books that will not get outdated and will be referenced on a daily basis.

I really enjoyed reading this book. It made me realize that some of my approaches were a bit misslead, but mostly solidified my way of coding. And that is really what I was looking to get out of this book.
Comment | 
Was this review helpful to you?
5.0 out of 5 stars Absolutely Essential 13 Dec 2007
If you've done a bit of PHP programming, or have used any other online scripting languages, but have never considered the security implications, this book is essential. The threats are jaw-droppingly simple, but so are their fixes, and the principles remain for other technologies too. The techniques will also improve the integrity of your data and ensure that you consider security in the design process of your applications.

The book is lean and quick to read, the content is aimed at reasonably knowledgeable programmers, but there is nothing here that can't be easily researched. All the issues are illustrated with short, relevant examples and code, which makes a change from most programming books. The author also maintains his own website to ensure that readers can remain updated on problems for the foreseeable future. Overall, this is essential stuff and great value.
Comment | 
Was this review helpful to you?
Format:Paperback|Verified Purchase
I've found this book useful because it explained to me how certain vulnerabilities can arise. That is handy to know whatever language you are writing in. The solutions the author suggests can also be employed outside of PHP.

I agree with most of the comments of the other reviewers so I won't bore you by repeating them.

It may only be 100 pages but it's well worth the price if you need educating about web security.
Comment | 
Was this review helpful to you?
3 of 4 people found the following review helpful
4.0 out of 5 stars Useful, structured, collection of advice 12 Jun 2006
By Stephen Hampshire VINE VOICE
Format:Paperback|Verified Purchase
Probably nothing new here for most PHP programmers, but it's nice to have it all collected in one place.

The structure is also cleverly thought out, dealing chapter by chapter with specific types of activity (e.g. forms, databases, sessions etc).

It's a thin book for the money, but much clearer than anything less specialist I've come across. Thin enough that you can check through all of it before your site goes live - just in case!
Comment | 
Was this review helpful to you?
4.0 out of 5 stars An essential checklist, but there is more ... 31 Oct 2011
Format:Paperback|Verified Purchase
This book is by no means a tome and was probably written for kindle first.

That said, it highlights a lot of the important concepts of filter input and escape output. If you do that, you've probably covered 85% of the problems.

The book also covers cookie interception and SQL injection, but the Internet will also give the same.

It won't take long to read the book, but perhaps as long as your code is written with 'security in depth' again you're most of the way there.

Given four stars for what's in the book, but more guidance and examples would have been welcome.
Comment | 
Was this review helpful to you?
Would you like to see more reviews about this item?
Were these reviews helpful?   Let us know
Most Recent Customer Reviews
Search Customer Reviews
Only search this product's reviews

Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
First post:
Prompts for sign-in

Search Customer Discussions
Search all Amazon discussions

Look for similar items by category