phpids integration and usage

Posted on 2013-07-01
Last Modified: 2013-08-04
Hi EE,

Please do let me know steps to integrate phpids and how to verify if its working and monitor the attacks.
Question by:Insoftservice
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
LVL 56

Assisted Solution

by:Julian Hansen
Julian Hansen earned 300 total points
ID: 39289526
I would start with reading the FAQ
LVL 15

Author Comment

ID: 39289637
@julianH i tried with but was not completely successful.
Please do let me know whether we have some API which would not only detect attacks but also avoid it.PHPIDS detects all sorts of XSS, SQL Injection, header injection, directory traversal, RFE/LFI, DoS and LDAP attacks. But it does not prevent it.

Is there some api which does both specially sql injection.
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 200 total points
ID: 39289748
I would probably approach this from a different perspective, especially since it's at level 0.7 and since I got the "Untrusted Connection" warning when I tried to visit the phpids link.

Instead of trying to enumerate the threats and attacks, just switch your thinking to the security mantra: Accept Only Known Good Values.  To be sure, there are still attacks that can be mounted against thoughtfully secured web sites, but they are far less likely to succeed if your script tests every external input for "reasonable" values and simply ignores the ones that fail the reasonability tests.

This link (and the whole organization) may be useful.  If you're not a member, join!
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

LVL 15

Author Comment

ID: 39292202
LVL 15

Author Comment

ID: 39369133
LVL 56

Accepted Solution

Julian Hansen earned 300 total points
ID: 39369276
Is there some api which does both specially sql injection.
Don't look for an API to do this for you - to prevent SQL injection code your page and queries correctly.

Use either mysqli or PDO

A) Put all data to go to database through mysqli_real_escape_string (in the case of mysqli
B) Use prepared statements
LVL 15

Author Closing Comment

ID: 39380283
Issue had got already resolved, but the suggestion was also up-to the mark to resolve and tackle my questions more easily thx to all

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit ( and similar technologies have enjoyed wide adoption, making it possib…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question