Scripts comprising a PHP proxy can be written in two ways. First, they can be written as a sequence of commands, to be executed one after the other. Second, they can be structured like classes in an object-oriented programming language. Either type of PHP script can be included inside other PHP scripts to minimize repeated code throughout the proxy.
Since a PHP proxy is run on the Internet, there are many security issues that should be taken into account when writing one. PHP proxies must not only transfer data from a web page to a server, they must also check the data given on the web page to ensure that the data will not negatively impact the server. The PHP scripting language has some built-in functions that allow for proper validation and sanitation of input, but these alone cannot always protect a server from a malicious attack. Proper error checking of input and proper structuring of the scripts within the PHP proxy are essential.
When a PHP proxy consists of multiple scripts, each script should have some form of error checking and input validation. Even if a PHP script doesn't take input directly from a web page, it may still be possible for a user, innocent or malicious, to run the script from the Internet in contexts when it shouldn't be. There exist in the PHP language both built-in methods and small algorithms the developer can implement to prevent this unauthorized execution. Foolproofing PHP scripts in this manner does not necessarily entail specific provisions in each script to prevent access from every other script as well as the Internet. Often, simple mechanisms can be used that protect scripts from most common attacks.
PHP proxies allow web pages to have wide functionality beyond static text and images. While validation of forms is by far the most common functionality, PHP can also be used to create dynamic images or directly call programs to generate results from data. Each distinct use of PHP has its own set of security concerns, and one should take great care to balance functionality with safety in a PHP proxy.