I am looking for good cookie and session security scripts and whatever there is... Security filters for SQL injection, whatever. Is anyone out there offering a service or selling/giving for free scripts like that?
It depends on what code you are using and how you handle sessions and MySQL. Anyway, there are a lot to choose from, or you can hire someone to do it for you. Please allow me to peek into your site so that I can suggest what can be done.
I found it pretty useful to just check all variables for dangerous words. For example, my system deals mostly with part numbers so I just check the whole query string for them. As such:

```php
// Raw query string exactly as the client sent it (not URL-decoded).
$get = $_SERVER["QUERY_STRING"];

// Stop the request if any listed substring appears (strstr matches case-sensitively).
if (strstr($get, 'http') || strstr($get, ' ') || strstr($get, 'www.') ||
    strstr($get, '.com') || strstr($get, '%20') || strstr($get, ' and ') ||
    strstr($get, ' or ') || strstr($get, 'select') || strstr($get, 'update') ||
    strstr($get, 'insert') || strstr($get, '%20and%20') || strstr($get, '%20or%20') ||
    strstr($get, '%20like%20') || strstr($get, ' like ') || strstr($get, 'drop') ||
    strstr($get, 'table') || strstr($get, 'values')) {
    echo "Sorry, invalid URL.";
    exit;
}
```
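For comparison with the word filter in the post above, here is an added example (not code from any poster in this thread) that validates a part number against an allowlist pattern and passes it to the database as a bound parameter. The `parts` table, the part-number format, the function names and the sample inputs are assumptions made for illustration, and it needs the `pdo_sqlite` extension.

```php
<?php
// Added example: allowlist validation plus a bound parameter, instead of
// scanning the query string for dangerous words.
// Assumed for illustration: a "parts" table and a part-number format of
// 1-32 characters made of letters, digits, dots or hyphens.

function valid_part_number(string $value): bool
{
    // Accept only the expected shape; everything else is rejected.
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9.\-]{0,31}\z/', $value) === 1;
}

function find_part(PDO $db, string $partNumber): ?array
{
    if (!valid_part_number($partNumber)) {
        return null;
    }
    // The value is sent separately from the SQL text, so it is never parsed as SQL.
    $stmt = $db->prepare('SELECT part_no, description FROM parts WHERE part_no = :p');
    $stmt->execute([':p' => $partNumber]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE parts (part_no TEXT PRIMARY KEY, description TEXT)');
$db->exec("INSERT INTO parts VALUES ('tablet-7', 'Tablet stand'), ('AB-1001', 'Bracket')");

// Constructed inputs, as they might arrive in a "part" query parameter.
// 'tablet-7' is a legitimate part number that a filter on the word 'table'
// would turn away; the last two do not match the expected format.
$inputs = ['AB-1001', 'tablet-7', "AB-1001' OR '1'='1", 'AB 1001'];
foreach ($inputs as $input) {
    $row = find_part($db, $input);
    printf("%-22s => %s\n", $input, $row ? $row['description'] : 'rejected or not found');
}
```

The two valid part numbers return their descriptions; the other two inputs fail the format check and never reach the query.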