All skills
Skillintermediate
PHP Security
> This file extends the common security rule with PHP specific content.
Claude Code Knowledge Pack7/10/2026
Overview
PHP Security
This file extends the common security rule with PHP specific content.
Database Safety
- Use prepared statements (
PDO, Doctrine, Eloquent query builder) for all dynamic queries. - Scope ORM mass-assignment carefully and whitelist writable fields.
Secrets and Dependencies
- Load secrets from environment variables or a secret manager, never from committed config files.
- Run
composer auditin CI and review package trust before adding dependencies.
Auth and Session Safety
- Use
password_hash()/password_verify()for password storage. - Regenerate session identifiers after authentication and privilege changes.
- Enforce CSRF protection on state-changing web requests.