PHP and MySQL Web Development - P71

322 Chapter 15 Implementing Secure Transactions with PHP and MySQL

[Figure: SSL breaks up, compresses, hashes, and encrypts data before sending it. Stages shown: our data; data packets; compressed data; message authentication code; encrypted packets; TCP packets.]

Compression schemes rely on identifying repetition or patterns within data. Trying to apply a compression algorithm after data has been turned into an effectively random arrangement of bits by encryption is usually pointless, which is why SSL compresses first and encrypts afterwards. It would be unfortunate if SSL, which was designed to increase network security, had the side effect of dramatically increasing network traffic. One caveat the authors could not have known at the time: compressing secret data together with attacker-controlled data before encrypting it lets the ciphertext length leak the secret (the basis of the CRIME attack on TLS compression, published in 2012). TLS 1.3 removes compression from the protocol entirely, and on earlier versions it should stay disabled.

Although SSL is relatively complex, users and developers are shielded from most of what occurs, as its external interfaces mimic existing protocols.

In the future SSL may be replaced by TLS (Transport Layer Security), but at the time of writing TLS is a draft standard and not supported by any servers or browsers. (This was already out of date when written: TLS 1.0 was published as RFC 2246 in January 1999, and TLS has since replaced SSL entirely; SSL 3.0 was formally deprecated by RFC 7568 in 2015, and current servers and browsers speak TLS 1.2 or 1.3.) TLS is intended to be a truly open standard rather than a standard defined by one organization but made available for others. It is based directly on SSL but contains improvements intended to overcome weaknesses of SSL.

Screening User Input

One of the principles of building a safe Web application is that you should never trust user input. Always screen user data before putting it in a file or database, or passing it through a system execution command. We've talked in several places throughout this book of techniques you can use to screen user input. We'll list these briefly here as a reference.

The addslashes function should be used to filter user data before it is passed to a database.
This function escapes the characters that might be troublesome to a database (the single quote, the double quote, the backslash, and the NUL byte) by prefixing each of them with a backslash. You can use the stripslashes function to return the data to its original form. Note that addslashes knows nothing about the character set of your database connection; if you must build SQL strings by hand, use the escaping function provided by the database extension (mysqli_real_escape_string in current PHP), and prefer prepared statements with bound parameters, which need no escaping at all because the data is never parsed as SQL.

Magic quotes: you can switch on the magic_quotes_gpc and magic_quotes_runtime directives in your php.ini file. These directives will automatically add and strip slashes for you. (Magic quotes were deprecated in PHP 5.3 and removed in PHP 5.4, so this option no longer exists in current PHP; do not rely on it.)
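The following is an added example, not code from the book, showing the same user lookup three ways: unscreened, escaped with addslashes() as the book recommends, and with a prepared statement, plus escapeshellarg() for input that reaches a system execution command. The $mysqli connection, the users table (id, username) and the sample payload are this example's own assumptions; it does not use magic quotes, which no longer exist.

```php
<?php
// Added example, not code from the book. Assumes a mysqli connection $mysqli to a
// database with a "users" table (id, username). Run it against a scratch
// database, or just read the SQL strings it builds.

declare(strict_types=1);

// Constructed sample input: a classic quote-based injection payload.
$username = "admin' OR '1'='1";

// 1. Unscreened. The quote closes the string literal and the WHERE clause
//    becomes always-true. Never do this.
function unsafeQuery(string $username): string
{
    return "SELECT id FROM users WHERE username = '$username'";
}
// unsafeQuery($username) builds:
//   SELECT id FROM users WHERE username = 'admin' OR '1'='1'

// 2. addslashes(), as the book recommends. It prefixes ', ", \ and NUL with a
//    backslash, so the quote stays inside the literal. It is not aware of the
//    connection's character set; mysqli_real_escape_string() is, and is the
//    function to use if you must build the query string yourself.
function escapedQuery(string $username): string
{
    $escaped = addslashes($username);
    return "SELECT id FROM users WHERE username = '$escaped'";
}
// escapedQuery($username) builds:
//   SELECT id FROM users WHERE username = 'admin\' OR \'1\'=\'1'

// stripslashes() is the exact inverse of addslashes().
assert(stripslashes(addslashes($username)) === $username);

// 3. Prepared statement with a bound parameter. The query text and the data are
//    sent to MySQL separately, so the data is never parsed as SQL and no
//    escaping is needed. This is the approach to prefer in current PHP.
function findUserId(mysqli $mysqli, string $username): ?int
{
    $stmt = $mysqli->prepare('SELECT id FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($id);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? (int) $id : null;
}

// Screening input that reaches a system execution command: escapeshellarg()
// wraps the whole value in single quotes (escaping any embedded ones), so the
// shell receives it as exactly one argument whatever metacharacters it holds.
function listDirectory(string $dir): string
{
    $out = shell_exec('ls -l ' . escapeshellarg($dir));
    return is_string($out) ? $out : '';
}

// Usage (connection details are placeholders):
// $mysqli = new mysqli('localhost', 'user', 'password', 'appdb');
// var_dump(findUserId($mysqli, $username)); // NULL: no user has that literal name
// echo listDirectory('/tmp; id');           // ls reports "no such file"; id never runs
```

The prepared-statement version is the one to copy: the other two exist to show what escaping does and does not protect against. If the application also writes user data to files or back into HTML, screen it again for that context (htmlspecialchars for output to a page); escaping for SQL says nothing about safety elsewhere.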
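Returning to the SSL record processing shown in the figure at the top of this page, the following is an added example, not code from the book, that builds a toy version of that pipeline (compress, then MAC, then encrypt) and measures the sizes at each stage, so the claim that compressing after encryption is pointless can be checked directly. The cipher (AES-256-CBC), the MAC (HMAC-SHA-256), the keys and the sample record are this example's own choices; it follows the figure's MAC-before-encrypt order to match the text, although current designs use an AEAD cipher or encrypt-then-MAC, and real TLS no longer compresses at all.

```php
<?php
// Added example, not code from the book: a toy SSL-style record pipeline
// (compress -> MAC -> encrypt) used to show where compression does and
// does not help. Cipher, MAC and keys are this example's own choices.

declare(strict_types=1);

const CIPHER = 'aes-256-cbc';
const IV_LEN = 16;   // AES block size
const MAC_LEN = 32;  // HMAC-SHA-256 output size

// Constructed sample record: highly repetitive text, so it compresses well.
function sampleRecord(): string
{
    return str_repeat("GET /index.php HTTP/1.1\r\nHost: www.example.com\r\n", 40);
}

// compress -> append MAC -> encrypt. Returns iv || ciphertext.
function sealRecord(string $data, string $encKey, string $macKey): string
{
    $compressed = gzcompress($data);
    if ($compressed === false) {
        throw new RuntimeException('compression failed');
    }
    $mac = hash_hmac('sha256', $compressed, $macKey, true);
    $iv = random_bytes(IV_LEN);
    $ct = openssl_encrypt($compressed . $mac, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $ct;
}

// decrypt -> verify MAC -> decompress. Returns null on any failure, so the
// caller cannot tell a padding error from a MAC error (the distinction is
// exactly what padding-oracle attacks on MAC-then-encrypt exploit).
function openRecord(string $sealed, string $encKey, string $macKey): ?string
{
    $iv = substr($sealed, 0, IV_LEN);
    $pt = openssl_decrypt(substr($sealed, IV_LEN), CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false || strlen($pt) < MAC_LEN) {
        return null;
    }
    $compressed = substr($pt, 0, -MAC_LEN);
    $mac = substr($pt, -MAC_LEN);
    if (!hash_equals(hash_hmac('sha256', $compressed, $macKey, true), $mac)) {
        return null;   // tampered, or wrong key
    }
    $data = gzuncompress($compressed);
    return $data === false ? null : $data;
}

// Byte counts at each stage.
function sizeReport(string $data, string $encKey, string $macKey): array
{
    $sealed = sealRecord($data, $encKey, $macKey);
    return [
        'plain'                  => strlen($data),
        'compressed'             => strlen(gzcompress($data)),
        'sealed'                 => strlen($sealed),
        // Compressing the already-encrypted record: zlib finds no pattern and
        // can only add its own framing, so this is larger than 'sealed'.
        'sealed_then_compressed' => strlen(gzcompress($sealed)),
    ];
}

$encKey = random_bytes(32);
$macKey = random_bytes(32);
$data = sampleRecord();

print_r(sizeReport($data, $encKey, $macKey));

// Round trip.
var_dump(openRecord(sealRecord($data, $encKey, $macKey), $encKey, $macKey) === $data);

// Flip one bit of the ciphertext: the MAC check fails and nothing is returned.
$sealed = sealRecord($data, $encKey, $macKey);
$sealed[20] = chr(ord($sealed[20]) ^ 1);
var_dump(openRecord($sealed, $encKey, $macKey));
```

Run it and compare the four numbers: 'compressed' is a small fraction of 'plain', while 'sealed_then_compressed' is never smaller than 'sealed', because the ciphertext has no repetition left for the compressor to find. That is the whole reason the figure puts compression before the MAC and the cipher rather than after.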