  • #1
    Regular Coder
    Join Date
    Aug 2011
    Posts
    134
    Thanks
    20
    Thanked 0 Times in 0 Posts

    security practices

    I had a general question about security in PHP.
    Suppose I have a value submitted from a form called $form that would go to the database.
    What functions would be good to clean it before it goes to the database?
    Suppose I want to display the $form variable in the browser, what would I use to display it to prevent JavaScript or HTML injection other than strip_tags?

    On another note, what security practice should I follow when dealing with sessions and session variables?

  • #2
    Regular Coder
    Join Date
    Aug 2011
    Posts
    134
    Thanks
    20
    Thanked 0 Times in 0 Posts
    A bit of information on cookies would also help.

  • #3
    Senior Coder
    Join Date
    Jul 2011
    Posts
    1,226
    Thanks
    3
    Thanked 171 Times in 171 Posts
    The main thing you want to watch out for is SQL injection. mysql_real_escape_string() will prevent that. If you want to stop people being able to post HTML, you should use things like htmlentities() etc.
    Useful function to retrieve difference in times
    The best PHP resource
    A good PHP FAQ
    PLEASE remember to wrap your code in [PHP] tags.
    PHP Code:
    // Replace this
    if(isset($_POST['submitButton']))
    // With this
    if(!empty($_POST))
    // Then check for values/forms. Some IE versions don't send the submit button 
    Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live.
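
Added example, not part of the thread or any poster's code: one way to handle the $form value from the question, using PDO prepared statements in place of mysql_real_escape_string() (the mysql_* extension was removed in PHP 7), htmlspecialchars() on output, and hardened session cookie settings. The in-memory SQLite database, the `comments` table and the sample input are assumptions made so the script runs stand-alone.

```php
<?php
// Added example (not from the thread). Assumes PHP 7.3+ with pdo_sqlite;
// the `comments` table and the sample input below are constructed.
declare(strict_types=1);

// Sessions and cookies: configure before session_start() so the session ID
// cookie is unreadable from JavaScript, sent over HTTPS only, and withheld
// from cross-site subrequests.
if (PHP_SAPI !== 'cli') {
    ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    session_start();
    // After a successful login, call session_regenerate_id(true) so a
    // pre-login session ID cannot be carried over (session fixation).
}

// Constructed sample standing in for the submitted form value.
$form = $_POST['form'] ?? "O'Brien'); DROP TABLE comments;-- <script>alert(1)</script>";

// Input: validate type and length, but do not try to "clean" the text itself.
if (!is_string($form) || strlen($form) > 500) {
    http_response_code(400);
    exit('Invalid input');
}

// Database: a bound parameter is sent as data, never parsed as SQL,
// so no escaping function is needed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
$stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $form]);

// Browser: encode at output time, for the HTML context, with an explicit charset.
// The stored value stays raw; only its rendering is escaped.
foreach ($pdo->query('SELECT body FROM comments') as $row) {
    echo htmlspecialchars($row['body'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), PHP_EOL;
}
```

Run from the command line, it prints the sample value with the quotes and angle brackets shown as HTML entities, and the `comments` table still exists afterwards.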

