Security is a very important aspect to pay attention to when developing. It must be kept in mind from the very beginning of development; do not leave security as an afterthought to be dealt with later. That is why we give some tips here on how to improve security while developing web applications.
Do not trust users
This is one of the most important rules. Treat all data sent by users as malicious.
With a single line we can avoid SQL injection. For example.
Validate data on the server
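The following is an added example, not code from the original article, that puts the two previous points together: every field is re-validated on the server, and the database is queried with a PDO prepared statement so that user input travels as a bound parameter and never becomes part of the SQL text. The table "users", its columns, the DSN and the credentials are assumptions for illustration (PHP 7 or later).

```php
<?php
// Added example (not from the original article): server-side validation of
// request data followed by a parameterised query with PDO.
// The table "users", its columns and the connection details are assumptions.
declare(strict_types=1);

function validateSignup(array $input): array
{
    $errors = [];

    // Never trust the client: re-check every field on the server even if the
    // browser already validated it.
    $email = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'invalid email';
    }

    $age = filter_var($input['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors[] = 'invalid age';
    }

    // Allow-list of accepted characters rather than a deny-list of bad ones.
    $username = $input['username'] ?? '';
    if (!preg_match('/^[A-Za-z0-9_]{3,32}$/', $username)) {
        $errors[] = 'invalid username';
    }

    return [
        'ok'     => $errors === [],
        'errors' => $errors,
        'data'   => ['email' => $email, 'age' => $age, 'username' => $username],
    ];
}

function findUserByEmail(PDO $db, string $email): ?array
{
    // The single line that matters: the value is bound as a parameter, never
    // concatenated into the SQL string, so it cannot change the query's meaning.
    $stmt = $db->prepare('SELECT id, username FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage: the connection and the POSTed form are the request being handled.
$db = new PDO('mysql:host=localhost;dbname=app', 'app_user', 'app_password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

$result = validateSignup($_POST);
if (!$result['ok']) {
    http_response_code(400);
    echo implode(', ', $result['errors']);
    exit;
}
$user = findUserByEmail($db, $result['data']['email']);
```

Disabling emulated prepares makes PDO send the statement and the parameters to the server separately; with emulation on, PDO still escapes the values itself, so either way the user-supplied email cannot close the quote and append its own SQL.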
Pay attention to uploaded files
If you allow your users to upload files to the server, check them properly. If they are images, check their size, MIME type, etc. with the getimagesize function. For other files you can use fileinfo (available since version 5.3.0) to get information about the file.
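As an added example (not code from the original article), here is how those checks fit together in a PHP upload handler: the size limit is enforced first, images are verified with getimagesize, other files are identified with fileinfo, and the stored file gets a server-generated name whose extension matches the verified content. The upload directory, the size and dimension limits and the allow-lists are assumptions (PHP 7.1 or later).

```php
<?php
// Added example (not from the original article): validating an uploaded file
// by its content before storing it. Paths, limits and allow-lists are assumed.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/uploads';   // assumed; keep it outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;         // assumed 2 MiB limit
const ALLOWED_IMAGE_TYPES = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];
const ALLOWED_DOC_MIME    = ['application/pdf' => 'pdf'];

function checkUpload(array $file): array
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return ['ok' => false, 'reason' => 'upload failed'];
    }
    // Only accept files that really came through the HTTP upload mechanism.
    if (!is_uploaded_file($file['tmp_name'])) {
        return ['ok' => false, 'reason' => 'not an uploaded file'];
    }
    if ($file['size'] > MAX_BYTES) {
        return ['ok' => false, 'reason' => 'file too large'];
    }

    // Images: getimagesize() reads the actual bytes, so the type and the
    // dimensions come from the content, not from the client-supplied name.
    $info = @getimagesize($file['tmp_name']);
    if ($info !== false && isset(ALLOWED_IMAGE_TYPES[$info[2]])) {
        [$width, $height] = $info;
        if ($width > 4096 || $height > 4096) {
            return ['ok' => false, 'reason' => 'image dimensions too large'];
        }
        return ['ok' => true, 'ext' => ALLOWED_IMAGE_TYPES[$info[2]], 'mime' => $info['mime']];
    }

    // Other files: ask fileinfo (PHP >= 5.3) for the MIME type based on content.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (isset(ALLOWED_DOC_MIME[$mime])) {
        return ['ok' => true, 'ext' => ALLOWED_DOC_MIME[$mime], 'mime' => $mime];
    }

    return ['ok' => false, 'reason' => 'type not allowed: ' . $mime];
}

function storeUpload(array $file, string $ext): string
{
    // Discard the client-supplied name entirely and generate our own, with an
    // extension that matches the verified content.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Usage: the form's file field is named "document".
$check = checkUpload($_FILES['document'] ?? []);
if (!$check['ok']) {
    http_response_code(400);
    echo $check['reason'];
    exit;
}
$stored = storeUpload($_FILES['document'], $check['ext']);
```

The MIME type the browser sends in $_FILES['document']['type'] is deliberately never consulted: it is part of the request and therefore as untrusted as the rest of the user's data.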
Secure your forms against bots
Use some kind of captcha to protect your forms against spam bots. There are different techniques: you can implement your own, make use of an external service, or use a third-party library.
Minimum permissions for the database user
Give the database user the minimum permissions. If the application will only run SELECT, INSERT and UPDATE queries, make sure the database user can only perform SELECT, INSERT and UPDATE. It is not complicated and it can save you the occasional headache.