I have a full PHP code-base that must be cleaned of any hidden backdoors, patched against SQL Injection, and then deployed so it runs smoothly on my Windows server environment. The application currently runs, but I cannot risk latent malware or unsafe database calls remaining in production. What I need you to do • Examine every file—manual review plus your preferred static-analysis tools (e.g. SonarQube, RIPS, phpStan) to spot obfuscated code, web shells, or suspicious eval/exec patterns. • Refactor insecure SQL statements to use prepared queries or an ORM layer where practical, confirming user input is safely sanitised. • Apply all other best-practice hardening steps that come up during your audit (strict error handling, safe file uploads, updated dependencies, etc.). • Package the sanitised application and deploy it on my Windows server. Whether you choose Apache, Nginx, or IIS is flexible as long as performance is solid and everything works out of the box. • Provide a concise security-audit report summarising findings, fixes, and the final test results. Acceptance criteria – No detectable backdoors or malicious payloads in the final tree. – All SQL Injection vectors mitigated and confirmed by automated scans plus a manual proof test. – Application runs without errors on my Windows host and passes a basic load test. – Clear deployment notes so future updates remain secure. I’m ready to give you server access (staging first) as soon as we agree on a timeline. Let me know the tools you’ll use and an estimated turnaround—looking forward to locking this code down together.