Custom queries in Joomla do not protect against SQL injection by themselves, so we need to escape every user-supplied parameter that goes into the query.
In Joomla we can use
$db->quote($param) to prevent SQL injection in a custom query.
An example of such a query:
$db = JFactory::getDbo();
// quote() escapes the value and wraps it in single quotes; both calls must be concatenated
// outside the string, otherwise the second call is never made and the quotes are missing
$query = "INSERT INTO table (`username`, `password`) VALUES (" . $db->quote($username) . ", " . $db->quote($password) . ")";
$db->setQuery($query);
$db->query(); // deprecated in Joomla 3, where $db->execute() is the replacement
In the query you do not need to add
single quote symbols around the values, because quote() adds them for you.
Here we describe how to protect a class file that we load with include. Left as it is, such a file is not secure and carries a big risk. The solution is to make the file refuse to execute when it is requested directly instead of being included by another PHP file.
Why do we need it? Because when someone requests http://localhost/module/foo.class.php directly, the file runs on its own and something unintended may happen.
// Stop the file if it is the script being requested rather than a file that was included
if( basename( __FILE__ ) == basename( $_SERVER['PHP_SELF'] ) ) exit();
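The check above works, but PHP_SELF can carry extra path info and the comparison only looks at file names. The following is an added example, not code from this post or from Joomla: it assumes a hypothetical isDirectRequest() helper, compares against SCRIPT_FILENAME instead, and notes Joomla's own _JEXEC constant convention as the alternative.

```php
<?php
// Added example (not from the original post). Hardens the include guard:
// compares the included file against SCRIPT_FILENAME, the script the server
// is actually executing, instead of basename($_SERVER['PHP_SELF']).
// isDirectRequest() and the sample $_SERVER arrays are constructed here.

/**
 * True when $file (pass __FILE__ from the protected file) is itself the
 * script being served, i.e. someone requested foo.class.php directly.
 *
 * Why not basename(PHP_SELF)? PHP_SELF may carry path info such as
 * /index.php/foo.class.php, whose basename is foo.class.php even though
 * index.php is the script running; and two files with the same name in
 * different directories would compare equal. SCRIPT_FILENAME has neither
 * problem because it is the full path of the executing script.
 */
function isDirectRequest(string $file, array $server): bool
{
    $script = $server['SCRIPT_FILENAME'] ?? '';
    if ($script === '') {
        return false;                 // CLI or unknown SAPI: nothing to compare
    }
    // Resolve symlinks and ../ so equivalent paths compare equal;
    // fall back to the raw string when a path cannot be resolved.
    $fileReal   = realpath($file)   ?: $file;
    $scriptReal = realpath($script) ?: $script;
    return $fileReal === $scriptReal;
}

// Usage at the very top of foo.class.php:
//   if (isDirectRequest(__FILE__, $_SERVER)) { http_response_code(403); exit; }
//
// Joomla's own convention avoids server variables entirely: the entry point
// (index.php) defines a constant before including anything, and every other
// file checks it first:
//   defined('_JEXEC') or die;
// A direct request never defines _JEXEC, so the rest of the file never runs.

// Constructed demo: this file requested directly, then included by index.php.
$self  = __FILE__;
$index = __DIR__ . '/index.php';      // constructed path for the demo only
printf("requested directly:   %s\n", isDirectRequest($self, ['SCRIPT_FILENAME' => $self])  ? 'blocked' : 'allowed');
printf("included by index.php: %s\n", isDirectRequest($self, ['SCRIPT_FILENAME' => $index]) ? 'blocked' : 'allowed');
```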
Apart from these PHP-level checks, on Apache you can let your .htaccess file tighten up your site's security and give an extra level of protection.
I am going to list a few examples and show you how and where to use them. You don't have to use every single one, just whichever you feel would help improve your site's security.