Ryan Bayne
asked on
Safe PHP form submission and Validating PHP_SELF
Hey
My site has recently been hacked, however it was nowhere near completion; I had only tested it. There is not as much security on forms as there could be, simply because I'm less experienced to just add it in as I go along.
Time to learn! So far from what I have found a form script will double in size just to add this security so I'm a bit cautious as to what I really need to do.
This example...
http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html
Sounds solid, however I can't find anything else about it online so do I really need to use this measure?
I'm also asking here for any resource on developing SAFE forms. I get lots of info in Google about it but I can't help thinking I'm going to miss something out and it's going to be hacked anyway!
There's stripslashes and preg_replace! Do I use BOTH or one of them and WHERE do I use each of them?
Oh, and there's $user = strip_tags(substr($_POST['user'],0,32));
but if they are all such code methods and required for security why can't I find any forms which use them all?
Any advice will be given points :)
thanks
ASKER
Lots of good help there and advice
shadow_shooter I'll use your list as a checklist when I go through my entire site and check all of these measures are in place.
No doubt there are a lot of newbie mistakes from when I started the site 6 months ago!
cheers all, going to leave this question open a bit more
ASKER
I did consider just getting a book; it's important enough, so I think I will go ahead and do that.
I think I can get by until that book comes but I'd really like to know the order of code from this example...
http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html
I don't get the explanation of how to use it! He says cut a part out then place a part after the part you cut out. I just don't get that lol
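
The following is an added example, not code from this thread or from the linked forum post. It shows one common ordering for a self-submitting form: validate the posted value against an allowlist on input, and HTML-escape every value (including the form action) at the point of output. The field name `user` and the 32-character cap follow the snippet in the question; the helper names `h`, `form_action` and `valid_username` and the 3 to 32 character policy are assumptions.

```php
<?php
// Added example; helper names and the username policy are assumptions.

// Escape at the point of output, for the HTML context.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// $_SERVER['PHP_SELF'] can carry extra path text taken from the request URL,
// so it is not echoed raw. SCRIPT_NAME omits that trailing path info, and the
// value is still escaped before it goes into the attribute.
function form_action(): string {
    return h($_SERVER['SCRIPT_NAME'] ?? '');
}

// Validate on input: reject what does not match instead of stripping pieces.
function valid_username($raw): ?string {
    if (!is_string($raw)) {
        return null;            // array input such as user[]=x is rejected
    }
    $raw = trim($raw);
    // Allowlist: 3 to 32 letters, digits or underscores (assumed policy).
    return preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $raw) === 1 ? $raw : null;
}

$user  = null;
$error = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user = valid_username($_POST['user'] ?? null);
    if ($user === null) {
        $error = 'User name must be 3-32 letters, digits or underscores.';
    }
}
$typed = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
?>
<form method="post" action="<?= form_action() ?>">
  <input type="text" name="user" maxlength="32" value="<?= h($typed) ?>">
  <input type="submit" value="Send">
</form>
<?php if ($error !== ''): ?><p><?= h($error) ?></p><?php endif; ?>
<?php if ($user !== null): ?><p>Hello, <?= h($user) ?></p><?php endif; ?>
```

The `maxlength` attribute is only a convenience for the browser; the server-side check in `valid_username` is what enforces the limit.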