Can PHP+PHPMyAdmin build large web? [closed]

It's difficult to tell what is being ask开发者_高级运维ed here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center. Closed 12 years ago.

I would like to ask you about how to build secure website. If I want to build some website that large scale (around 100,000 users use).

How do I manage about security? Only PHP and PHPMyAdmin is enough?

and tell me about the way that hacker could to attack my site. and how to protect?

Thanks!

---

You should be more worried about the security of the web server and vulnerability of your own code rather than PHP itself. SQL injection is the biggest concern when it comes to PHP/MySQL, however this is entirely in your control to prevent.

The first thing you should do when setting up a database is to prefix your table names and try to stay away from using easy-to-guess table names and fields.

Limit your database user account to the least amount of privileges necessary to run your application.

ALWAYS encrypt sensitive data such as passwords.

Validate data before passing it into queries. A good place to start is escaping your strings using PHP. More here: http://php.net/manual/en/function.mysql-real-escape-string.php

Ensure that any MySQL errors returned don't give users any information about your database structure.

And finally, you should know MySQL and be able to run queries from the command line - giving you the ability to manage the databases 100% without the use of PHPMyAdmin!

---

Worry about a 100,000 users only when your site actually gets to that point.

As far as basics of security go, I suggest you read up on:

Cross Site Scripting

SQL Injections

For a start, phpMyAdmin has an option to allow only certain IP addresses access. So, I suggest you look into that.