Securing PHP written medical websites


  • Daniel C LEUCUŢA Department of Medical Informatics and Biostatistics, Iuliu Haţieganu University of Medicine and Pharmacy, Louis Pasteur Str., no. 6, 400349 Cluj-Napoca, Romania.


Security, PHP, Website, Medical


Medical websites, as well as patient data and user data on medical websites, have to be secured, and effort should be made to increase the privacy of the users. PHP is one of the most used scripting languages for website development, but it is highly criticized from the security point of view. Developers should build medical PHP websites with security in mind, besides their efforts to fulfill the website's purpose. The most common attacks and security issues on PHP websites are: SQL injection attack (where an attacker tries to insert malicious code into the SQL queries); cross-site scripting (where external code is injected into the output of the website); cross-site request forgery (where unwanted commands are injected from a user that the website trusts); session hijacking (where the session ID of the user is stolen); broken authentication and access control; sensitive data exposure; error logging; using components with known vulnerabilities. Their descriptions and ways to mitigate them are presented.




How to Cite

LEUCUŢA DC. Securing PHP written medical websites. Appl Med Inform [Internet]. 2019 Sep. 14 [cited 2024 Jun. 22];41(Suppl. 1):12. Available from:



Special Issue - RoMedINF