Lock in $30 Savings on PRO—Offer Ends Soon! ⏳
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PHP Güvenlik Notları
Search
Hidayet Doğan
November 07, 2012
Programming
0
1.3k
PHP Güvenlik Notları
XVII. Türkiye'de İnternet Konferansı - Anadolu Üniversitesi, Eskişehir
Hidayet Doğan
November 07, 2012
Tweet
Share
More Decks by Hidayet Doğan
See All by Hidayet Doğan
Swoole ile Asenkron PHP
hdogan
0
800
Asenkron PHP
hdogan
0
1.6k
PHP Senfoni Orkestrası: Composer
hdogan
1
440
PHP ile Soket Programlama ve Ağ Servisleri
hdogan
5
4.4k
CakePHP ile Pasta Pişirmek
hdogan
1
890
PHP 101
hdogan
1
750
Web Uygulamalarında Güvenlik
hdogan
1
510
Phalcon - Eklenti olarak sunulan PHP çatısı - PHP Günleri 2013#1
hdogan
5
1.6k
İnsanlar için PHP
hdogan
0
560
Other Decks in Programming
See All in Programming
TUIライブラリつくってみた / i-just-make-TUI-library
kazto
1
400
複数人でのCLI/Infrastructure as Codeの暮らしを良くする
shmokmt
5
2.3k
俺流レスポンシブコーディング 2025
tak_dcxi
14
9k
C-Shared Buildで突破するAI Agent バックテストの壁
po3rin
0
400
Rediscover the Console - SymfonyCon Amsterdam 2025
chalasr
2
180
Claude Codeの「Compacting Conversation」を体感50%減! CLAUDE.md + 8 Skills で挑むコンテキスト管理術
kmurahama
1
550
ローカルLLMを⽤いてコード補完を⾏う VSCode拡張機能を作ってみた
nearme_tech
PRO
0
120
MAP, Jigsaw, Code Golf 振り返り会 by 関東Kaggler会|Jigsaw 15th Solution
hasibirok0
0
250
まだ間に合う!Claude Code元年をふりかえる
nogu66
5
860
AI 駆動開発ライフサイクル(AI-DLC):ソフトウェアエンジニアリングの再構築 / AI-DLC Introduction
kanamasa
9
2.4k
モデル駆動設計をやってみよう ワークショップ開催報告(Modeling Forum2025) / model driven design workshop report
haru860
0
270
大体よく分かるscala.collection.immutable.HashMap ~ Compressed Hash-Array Mapped Prefix-tree (CHAMP) ~
matsu_chara
2
220
Featured
See All Featured
End of SEO as We Know It (SMX Advanced Version)
ipullrank
2
3.8k
Building AI with AI
inesmontani
PRO
1
560
JAMstack: Web Apps at Ludicrous Speed - All Things Open 2022
reverentgeek
1
280
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
254
22k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
30 Presentation Tips
portentint
PRO
1
160
How People are Using Generative and Agentic AI to Supercharge Their Products, Projects, Services and Value Streams Today
helenjbeal
1
75
How to train your dragon (web standard)
notwaldorf
97
6.4k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.5k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3.3k
Stop Working from a Prison Cell
hatefulcrawdad
273
21k
Chasing Engaging Ingredients in Design
codingconduct
0
74
Transcript
PHP Güvenlik Notları Friday, November 9, 12
PHP Güvenlik Notları Kod Okunurluğu PHP Ayarları SQL Injection Cross-site
Scripting (XSS) Cross-site Request Forgery (CSRF) Friday, November 9, 12
Kod Okunurluğu Friday, November 9, 12
PHP Ayarları Her zaman: register_globals = Off allow_url_include, allow_url_fopen error_reporting,
display_errors, log_errors Friday, November 9, 12
SQL Injection SELECT * FROM tablo WHERE id = $id
register_globals = Off mysql_real_escape_string, pg_escape_string, PDO filter_input, filter_var Typecasting (integer) (boolean) (double) (float) addslashes = Yeterli değil! Friday, November 9, 12
Cross-site Scripting (XSS) include($dosya); echo $kullanicidan_gelen_veri; register_globals = Off allow_url_include
= Off basename, realpath, preg_match htmlspecialchars, htmlentities, strip_tags Friday, November 9, 12
Cross-site Request Forgery (CSRF) <img src=”http://adres.com/gonder.php?yorum=Örnek”> Oturum bazlı doğrulayıcı anahtarlar
(token) $_SERVER[‘HTTP_REFERER’] kontrol Ajax: $_SERVER[‘HTTP_X_REQUESTED_WITH’] kontrol Friday, November 9, 12
Sorular? Friday, November 9, 12
PHP ve Web Güvenliği ezber kartları! Friday, November 9, 12
Teşekkürler! http://php.net/manual/tr/security.php http://shiflett.org/php-security.pdf http://hi.do http://github.com/hdogan Twitter @hdogan Friday, November 9,
12
hdogan
kazto
shmokmt
.jpg){kind=avatar}
tak_dcxi
po3rin
chalasr
kmurahama
nearme_tech
hasibirok0
nogu66
kanamasa
haru860
matsu_chara
ipullrank
inesmontani
reverentgeek
smashingmag
cassininazir
portentint
.png){kind=avatar}
helenjbeal
notwaldorf
zakiyama
eileencodes
hatefulcrawdad
codingconduct
