ABSTRACT
PHP language builds on driving in high performance database and dynamic flexibility Web2.0 technology. It has become the most popular website development tool, especially in e-commerce, and is especially prominent in the perfect combination of it and other open source softwares such as MySql, database and Apache server. However, as more and more sites start using PHP development, they also become vulnerable to attack targets. The developer must initiate attack preparations. With the increase in attack frequency and the changing mode of attack, security and protection measures have become major concerns; this mainly includes: preventing cross site scripting attacks vulnerability, preventing a SQL injection attack, session hijacking etc.
