PHP Form Hijacking - PHP
The following practices help prevent a PHP form from being hijacked:
1. Set register_globals to Off to prevent form injection with malicious data.
2. Set error_reporting to E_ALL so that every variable is initialized before it is used (uninitialized variables then raise notices).
3. Make a practice of using htmlentities(), strip_tags(), utf8_decode() and addslashes() to filter malicious data in PHP.
4. Make a practice of using mysql_escape_string() for MySQL.
5. Follow good client-side data validation practices with regular expressions before submitting data to the server.
6. Form submission key validation: a singleton method can be used to generate a session form key, and the submitted form is validated by comparing its hidden form-key parameter against that value.
7. Escape data that is passed into an SQL query using the mysql_real_escape_string() function.
8. Input data must also be filtered with proper validation methods and htmlentities() before it is passed into an SQL query.
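Item 6 in working code, as an added example that is not part of the original post: a session-bound form key generated once per session, emitted as a hidden field, and checked with a constant-time compare when the form comes back. It assumes PHP 7 or later; the field name, the 30-minute lifetime and the request handler at the bottom are my own choices.

```php
<?php
// Added example (not from the original post): session-bound form key for item 6.
declare(strict_types=1);
session_start();
const FORM_KEY_FIELD = 'form_key'; // hidden field name (assumed)
const FORM_KEY_TTL   = 1800;       // key lifetime in seconds (assumed)

// Generate one key per session and reuse it until it expires (the "singleton" the post mentions).
function form_key(): string
{
    $now = time();
    if (empty($_SESSION['form_key']) || ($now - ($_SESSION['form_key_time'] ?? 0)) > FORM_KEY_TTL) {
        $_SESSION['form_key']      = bin2hex(random_bytes(32));
        $_SESSION['form_key_time'] = $now;
    }
    return $_SESSION['form_key'];
}

// Compare the submitted hidden field against the session copy.
function validate_form_key(array $post): bool
{
    $submitted = $post[FORM_KEY_FIELD] ?? '';
    $expected  = $_SESSION['form_key'] ?? '';
    if (!is_string($submitted) || $expected === '') {
        return false; // missing key, or an array smuggled in as form_key[]
    }
    if ((time() - ($_SESSION['form_key_time'] ?? 0)) > FORM_KEY_TTL) {
        return false; // expired key
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

// Emit the hidden field; the value is HTML-escaped as item 3 recommends.
function form_key_field(): string
{
    return '<input type="hidden" name="' . FORM_KEY_FIELD . '" value="'
        . htmlentities(form_key(), ENT_QUOTES, 'UTF-8') . '">';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!validate_form_key($_POST)) {
        http_response_code(403);
        exit('Form key missing or invalid; reload the form and try again.');
    }
    unset($_SESSION['form_key'], $_SESSION['form_key_time']); // rotate after use
    echo 'Form accepted.';
} else {
    echo '<form method="post">' . form_key_field() . '<input name="comment"><button>Send</button></form>';
}
```

Each successful submission discards the key, so a captured form-key value cannot be replayed in a later request.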
By Nirmala, On - 2010-09-02