Digital List Price: $23.99
Kindle Price: $13.49

Save $16.46 (55%)

Essential PHP Security Kindle Edition

33 customer reviews


Length: 130 pages


Editorial Reviews


"You've heard the nasty stories about PHP sites being wiped off the web by evil hackers? Sadly it's not scare-mongering as it does happen, and as much as we love PHP it needs proper security to keep your site safe from harm. Plenty of PHP books have the odd chapter on security but at last O'Reilly have published a whole volume dedicated to the cause, with all the code you'll need to keep everything in order. Each chapter covers a different aspect of the application, from form processing to database programming and session management. Written in a straightforward style, it's ideal for every PHP user, but at GBP20 you might expect a little more than just 100 pages." - .NET, November 2005

"If you write PHP scripts, get a copy" - Alain Williams, news@UK, March 2006

Book Description

A Guide to Building Secure Web Applications

Product Details

  • File Size: 514 KB
  • Print Length: 130 pages
  • Simultaneous Device Usage: Unlimited
  • Publisher: O'Reilly Media; 1 edition (October 13, 2005)
  • Publication Date: February 9, 2009
  • Sold by: Amazon Digital Services, Inc.
  • Language: English
  • ASIN: B0026OR358
  • Text-to-Speech: Enabled
  • X-Ray:
  • Word Wise: Not Enabled
  • Lending: Not Enabled
  • Enhanced Typesetting: Not Enabled
  • Amazon Best Sellers Rank: #676,569 Paid in Kindle Store (See Top 100 Paid in Kindle Store)


Customer Reviews

Most Helpful Customer Reviews

44 of 48 people found the following review helpful By John A. Suda VINE VOICE on November 2, 2005
Format: Paperback
You would think that with all of the books being published recently about PHP that everyone and his mother is writing PHP code. This may be true, but even if it is not, it is certain that many people and businesses are using PHP code, in concert with other applications like MySQL, to produce dynamic web sites. This is all well and good because PHP is a high-quality coding language especially well-suited to web applications. It is also open-source, meaning well-supported by a community of coders and developers and cost-free. The one problem is that, like all coding languages, poorly designed or written PHP applications can be security risks potentially allowing Internet miscreants to cause damage to web servers, hosts, and users. It appears to be the case that there are many, many instances of insecure PHP code in use, hence, the value in a targeted book on PHP security, like "Essential PHP Security", by Chris Shiflett.

The author is an internationally-known and accomplished expert on PHP security. He is the founder of the PHP Security Consortium, a group of volunteers who help educate the PHP community, and a well-known contributor to the PHP-general mail digest. The book is designed to provide security information and guidelines and explain the most common types of attacks and how to prevent or repel them.

"Essential PHP Security" is a slight volume of only 109 pages, including index. Shiflett wastes no time and immediately jumps into his topic, starting with his opinion on the use of the PHP concept of "register globals", a configuration setting which he recommends against using in favor of "superglobal arrays".
17 of 17 people found the following review helpful By Castlebravo on December 31, 2008
Format: Paperback
I really wanted to write a glowing review of Mr. Shiflett's book, Essential PHP Security, but I can't help but be disappointed by the weaknesses.

The author's blog ([...]) and PHP security website ([...]) are good sources of information on PHP security and web creation in general. With the wisdom hinted at via his websites, I looked forward to more in-depth insights and specifics in his book. Unfortunately for Mr. Shiflett, writing a book is not like writing 'bites' for a blog or marketing yourself as experienced and knowledgeable. This book reads like an anthology of blog articles and seminar presentations and that weakness kills what should otherwise really be an essential text.

As another helpful reviewer pointed out, this book is not appropriate for new PHP programmers. That reviewer also noted that it is precisely new initiates to PHP that need these lessons the most. The protective measures suggested in the book are presented superficially. The author highlights the vulnerability, but then only hints at a protective measure by providing a code snippet which totally lacks context. Most novice readers expect examples of how to apply and integrate the suggested technique effectively and efficiently within the basics they already know.

Mr. Shiflett writes in his acknowledgements, "Written during one of the busiest years of my life ... [the people at O'Reilly] have gone out of their way to make the entire process fit around my writing style and busy schedule."

Smoking gun?

For a full price book, the author had room, but perhaps not the desire to provide more substance. Concise does not have to be superficial. The book's main content is 85 pages -- followed by three appendices between pages 87 and 103.
11 of 11 people found the following review helpful By Sam on November 22, 2005
Format: Paperback
This long awaited work from who many refer to as the guru of PHP security is finally out.

I must say though, when it arrived in the mail, I was a bit surprised by the package. Rather than the typical book box you get, it was in a padded envelope and upon opening the package I saw that the book was a mere 109 pages (with appendices starting on page 87).

As I began to read the book, I started to realize some of the reasons for the small size. Chris stays completely on topic with PHP security and doesn't meander into subjects such as Linux server administration and security, which other (larger) texts do to quite a large extent. I actually went to another PHP security text I had recently read, and if I took out the sysadmin sections, it left about the same amount of pages as Chris's book. Also Chris's approach to PHP security seems to be a very 'keep it simple' one. He doesn't get into elaborate security frameworks and application layers. He simply defines a PHP security issue, and provides a straightforward and simple solution for the problem. I agree with this approach since over-engineering a solution breeds complexity, and complexity can easily mask, you guessed it, "security issues".

I would say what I liked most about this book is that he brought to light the security concerns when running on a shared host. I think this topic is very often neglected on the majority of PHP security articles and texts even though many of us use shared hosting due to how cheap it is. Chris devotes an entire chapter to the situation and clearly explains the vast security risks that come with shared hosting and gives examples of how to mitigate the risks.