  1. #1
    Join Date
    Jan 2007

    Unanswered: securing form data

    Hi, one of the things which concerns me most about advanced web development is security, and one of the most concerning aspects is securing POST/GET data.

    What PHP function(s) would you recommend applying to data that would ideally be as flexible as possible?

  2. #2
    Join Date
    Mar 2007
    There are 2 rules to follow:
    1) Filter input
    2) Escape output

    Also in the fight against those "evil-doers" I recommend that you NEVER trust user input. i.e. treat all user input as bad.

    Begin with escaping all SQL statements...
    Most forms of injection can be stopped using this technique.

    Also, when dealing with XSS (cross-site scripting), your best friend is htmlentities(). Any user input which is output should also be turned into HTML-friendly code. This stops JavaScript injections, which basically stops all possible XSS as it relies on JavaScript.
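
The two rules from the reply above, applied to one form submission, as an added example that is not part of the original post. It assumes the pdo_sqlite extension and constructed input with hypothetical field and table names, and it uses PDO bound parameters in place of hand-escaping the SQL string.

```php
<?php
declare(strict_types=1);

// Constructed sample input standing in for $_POST (field names are hypothetical).
$post = [
    'name'    => "Robert'); DROP TABLE users;--",
    'age'     => '27',
    'comment' => '<script>alert(1)</script>',
];

// 1) Filter input: reject anything that is not what the field is allowed to be.
function filterForm(array $in): array
{
    $age = filter_var($in['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        throw new InvalidArgumentException('age must be an integer from 0 to 150');
    }
    $out = ['age' => $age];
    foreach (['name' => 100, 'comment' => 1000] as $field => $maxLen) {
        $value = $in[$field] ?? null;
        if (!is_string($value) || trim($value) === '' || strlen($value) > $maxLen) {
            throw new InvalidArgumentException("$field is missing, empty or too long");
        }
        $out[$field] = trim($value); // free text is stored as typed, encoded only on output
    }
    return $out;
}

// 2) Escape output: encode for HTML at the moment the value is printed.
function e(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$clean = filterForm($post);

// SQL: bound parameters keep the data out of the statement text entirely.
$db = new PDO('sqlite::memory:'); // in-memory database so the example runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT, age INTEGER, comment TEXT)');
$stmt = $db->prepare('INSERT INTO users (name, age, comment) VALUES (:name, :age, :comment)');
$stmt->execute($clean);

// The stored quote and <script> tag come back out as inert HTML entities.
foreach ($db->query('SELECT name, age, comment FROM users', PDO::FETCH_ASSOC) as $row) {
    printf("<li>%s (%d): %s</li>\n", e($row['name']), $row['age'], e($row['comment']));
}
```

The `e()` helper here is sized for HTML text and quoted attribute values; values written into a script block, URL or stylesheet need the encoding for that context instead.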
