Ryan Bayne

asked on

Safe PHP form submission and Validating PHP_SELF

Hey

My site has recently been hacked; however, it was nowhere near completion and I had only tested it. There is not as much security on the forms as there could be, simply because I'm less experienced and can't just add it in as I go along.

Time to learn! So far, from what I have found, a form script will double in size just to add this security, so I'm a bit cautious as to what I really need to do.

This example...
http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html
...sounds solid; however, I can't find anything else about it online, so do I really need to use this measure?

I'm also asking here for any resource on developing SAFE forms. I get lots of info in Google about it, but I can't help thinking I'm going to miss something out and it's going to be hacked anyway!

There's stripslashes and preg_replace! Do I use BOTH or one of them, and WHERE do I use each of them?

Oh, and there's $user = strip_tags(substr($_POST['user'], 0, 32));

But if they are all such code methods and required for security, why can't I find any forms which use them all?

Any advice will be given points :)

Thanks
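As an added example (not code from this thread or from any of its answers), the single-file PHP script below shows where each of the functions asked about belongs: stripslashes() only undoes magic_quotes on the way in, a regular expression is used as an allow-list check on input, htmlspecialchars() escapes on the way out, and the PHP_SELF form action from the linked thread is either omitted or escaped. The field name user, the username rule, the session key and the PDO connection handed to storeUser() are assumptions for the illustration.

```php
<?php
// Added example, not code from this thread or its answers. Assumptions: the form
// posts a field named "user"; the username rule (3-32 word characters) and the
// PDO connection passed to storeUser() are placeholders for your own.
declare(strict_types=1);
session_start();

/** Read a raw POST value. stripslashes() is only correct when magic_quotes_gpc
 *  added the slashes (PHP < 5.4); on newer PHP this branch never runs. */
function rawInput(string $key): string
{
    $value = isset($_POST[$key]) ? (string) $_POST[$key] : '';
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return trim($value);
}

/** INPUT validation: an allow-list pattern says exactly what is accepted.
 *  strip_tags(substr(...)) from the question only truncates and removes tags;
 *  it never rejects anything, so it cannot replace this check. */
function validateUser(string $raw): ?string
{
    return preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $raw) === 1 ? $raw : null;
}

/** OUTPUT escaping for HTML text and attribute context (never on the way in). */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** The PHP_SELF point from the linked thread: the request path is supplied by
 *  the client, so printing it unescaped into action="" lets that text land in
 *  the page. An empty action posts back to the current URL without printing
 *  anything; if the path really must be shown, pass it through h(). */
function formAction(): string
{
    return ''; // alternative: return h($_SERVER['PHP_SELF']);
}

/** Per-session token so only a page this site served can submit the form. */
function csrfToken(): string
{
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

/** DATABASE: a bound parameter, never string building (so no addslashes). */
function storeUser(PDO $pdo, string $user): void
{
    $stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $user]);
}

$errors = [];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!hash_equals(csrfToken(), rawInput('csrf'))) {
        $errors[] = 'Form token missing or expired; please try again.';
    }
    $user = validateUser(rawInput('user'));
    if ($user === null) {
        $errors[] = 'Username must be 3-32 letters, digits or underscores.';
    }
    if ($errors === []) {
        // $pdo = new PDO('mysql:host=localhost;dbname=app', 'app', 'secret'); // assumed DSN
        // storeUser($pdo, $user);
    }
}
?>
<form method="post" action="<?= formAction() ?>">
  <?php foreach ($errors as $e): ?><p class="error"><?= h($e) ?></p><?php endforeach; ?>
  <input type="hidden" name="csrf" value="<?= h(csrfToken()) ?>">
  <label>Username <input name="user" maxlength="32" value="<?= h(rawInput('user')) ?>"></label>
  <button type="submit">Save</button>
</form>
```

The example uses preg_match() to reject bad input rather than preg_replace() to silently rewrite it: a rejected value produces an error the user can see, while a rewritten one stores something the user never typed and hides the fact that the check fired. Each function is tied to one place (input, output, database, form action), which is why no single form needs "all of them" in one line.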

SOLUTION
gamebits

ASKER

OK, so if I was inserting the data I'd just use one function, not the whole lot. I take it each function has a best place for itself.

I did consider just getting a book; it's important enough to, so I think I will go ahead and do that.

I think I can get by until that book comes, but I'd really like to know the order of code from this example...
http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html

I don't get the explanation of how to use it! He says cut a part out, then place a part after the part you cut out. I just don't get that lol
SOLUTION
ASKER CERTIFIED SOLUTION
Lots of good help and advice there.

shadow_shooter, I'll use your list as a checklist when I go through my entire site and check that all of these measures are in place.

No doubt there are a lot of newbie mistakes from when I started the site 6 months ago!

Cheers all, going to leave this question open a bit more.