Laravel app interacting with a 3rd party API to get a token

I have one Laravel app with a GUI where the user logs in based on the data from a MySQL database. When the user logs in, the server needs to make a request to a specific endpoint of a 3rd party API in …

PHP – How to use csrf token in multiple forms on the same page

I have 2 forms on the same page. I want to use the csrf token in both forms. When I try to use it, it regenerates the csrf token on form submission. How can I solve this? <?php function csrf_token(…

Define ‘Path’ (URL) to one level above parent root

In reading various opinions on securing a PHP document containing database access information (to connect to the database), it’s been suggested several times to place this PHP file outside of the root …

Using $_GET in system() function – security question

So let’s say we have the following code: Is it secure? Can I escape from double quotes somehow? The …

Prevent SQL injection attack in PHP

I would like to prevent SQL attacks on this piece of PHP code (this is just a practice exercise in class). This can easily be exploited by setting @mail equal to something like '); DROP TABLE PURCHASE;…

How can I code a PHP file upload specifically for JSON files that is secure and won’t allow PHP or HTML to be uploaded

I am working on a site that allows models to be uploaded. The models are in JSON format like this: {"meta":{"format_version":"3.0","model_format":"bedrock_old","box_uv":true},"name":"crocodile","…

htmlspecialchars() on array of values fetch

Let’s say I fetch data with PDO $stmt = $this->dbh->prepare("SELECT * FROM posts"); $stmt->execute(); $result = $stmt->fetchAll(); return $result; How should I use …

Where to store cookies safely on Linux

I’m running curl from PHP and I want to use cookies. Curl, in PHP, accepts the option COOKIEJAR that specifies the location where to save the cookie. I wanted to set it to curl_setopt_array( …

Sanitize file path in PHP without realpath()

Is there a way to safely sanitize path input, without using realpath()? Aim is to prevent malicious inputs like ../../../../../path/to/file $handle = fopen($path . '/' . $filename, 'r');

PHP $_SESSION for multiple users at once

I’m wondering about how the $_SESSION array works. If I have a lot of users using my site do I need to set a subarray for each user? For instance right now I have $_SESSION['userid'] = $userid; $…