How to use this course

PHP security is a vast topic. It can be intimidating if you are approaching it for the first time.

The main goal of PHP Security Mastery is to make the learning process as easy and fast as possible, while still providing you with the complete picture.

To reach this goal, the course is organized into chapters, each of them focusing on a specific topic.

I suggest you go through the chapters in the proposed order, unless you already have a solid security background.

The first chapter is especially important because it explains the fundamental web security concepts that will be used throughout the course.

Chapters are organized into lessons.

Each lesson, with a few exceptions, follow an "Introduction - Solution - Example" pattern:

  • First, a specific problem is introduced (like a vulnerability, a defense technique or a type of attack). The problem is explained so you can clearly understand what it is about, without going into unnecessary theoretical details.
  • Then, the practical solution to the problem is provided (like a defense strategy or a technique implementation). Where possible, the solution's PHP implementation is provided as well.
  • Finally, one or more examples show how it all works in practice.

Even if the lessons are written in an easy and accessible language, it's important that you stay focused on the lesson to understand each word and each line of code. Studying without distractions will make you finish the course earlier and will help you remember the content better.

To get the most out of this course, I suggest you try all the examples yourself. You can do this easily by installing a local development environment (see below).
Try the SQL related examples as well. You can download the MySQL connection scripts from the link at the end of this lesson.

Install a local development environment

In this course you will find many code examples. I suggest you try and replicate them all and make your own tests to fully understand the lessons.

The best way to do that is by installing a local development environment on your computer.

A local development environment provides you with an "AMP" framework: Apache (or another HTTP server), MySQL (or MariaDB, which is equivalent in this context) and PHP.

PHP version 7.4.0 or higher is recommended. PHP 8 is supported as well.

There are many free development environments you can use, for both Windows and Mac (if you are using Linux, you probably already know your way...)

Here are some popular choices:

XAMPP (Windows and Mac)

MAMP (Windows and Mac)

WAMP (Windows)

Laragon (Windows)

If you have an online hosting server, you can use that too. However, keep in mind that you may not be allowed to edit your PHP configuration, and working remotely is more time consuming than working locally. A local development environment is usually the preferred choice.

MySQL connection scripts

In the download section below you can find three MySQL connection scripts that you can use to connect to your environment's MySQL server.

  • mysqli_proc.php is a procedural-style, MySQLi connection script.
  • mysqli_oop.php is an OOP-style, MySQLi connection script.
  • pdo_oop.php is an OOP-style, PDO connection script.

You can use the one you prefer.

Make sure to edit them to make them work with your own configuration (refer to your local development environment documentation).

Complete and Continue