---
title: "PHP Security"
description: "> This file extends the common security rule with PHP specific content."
type: skill
canonical_url: https://claudary.paisolsolutions.com/skills/php-security
source: "Claudary"
difficulty: intermediate
author: "Claude Code Knowledge Pack"
date: 2026-07-10T11:31:58.508Z
license: CC-BY-4.0
attribution: "PHP Security — Claudary (https://claudary.paisolsolutions.com/skills/php-security)"
---

# PHP Security
> This file extends the common security rule with PHP specific content.

## Overview

---
description: "PHP security extending common rules"
globs: ["**/*.php", "**/composer.lock", "**/composer.json"]
alwaysApply: false
---
# PHP Security

> This file extends the common security rule with PHP specific content.

## Database Safety

- Use prepared statements (`PDO`, Doctrine, Eloquent query builder) for all dynamic queries.
- Scope ORM mass-assignment carefully and whitelist writable fields.

## Secrets and Dependencies

- Load secrets from environment variables or a secret manager, never from committed config files.
- Run `composer audit` in CI and review package trust before adding dependencies.

## Auth and Session Safety

- Use `password_hash()` / `password_verify()` for password storage.
- Regenerate session identifiers after authentication and privilege changes.
- Enforce CSRF protection on state-changing web requests.

---

Source: [Claudary](https://claudary.paisolsolutions.com/skills/php-security) · https://claudary.paisolsolutions.com
