2. Always assume the data you receive is somehow meant to damage your web and
validate it accordingly!
Remember that your web is only as good as the information it displays, so make sure
your data is in order.
All the best,
- Atli Þór
Jun 18 '07 #1
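The advice that closes the post above, as an added example that is not part of the original post or written by its author: each form field is checked against an allow-list rule on the server, and anything echoed back is encoded on output. The field names, limits and the `validate_signup` helper are assumptions made for illustration, and the sample array is constructed to stand in for `$_POST`.

```php
<?php
// Added example: validate every form field against an allow-list rule and
// encode on output. Field names and limits are assumptions for illustration.

function validate_signup(array $input): array
{
    $clean = [];
    $errors = [];

    // Username: 3-20 letters, digits or underscore, nothing else.
    $name = $input['username'] ?? '';
    if (is_string($name) && preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $name) === 1) {
        $clean['username'] = $name;
    } else {
        $errors[] = 'username';
    }

    // Age: an integer within a sane range, not merely "something numeric".
    $age = filter_var($input['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age !== false) {
        $clean['age'] = $age;
    } else {
        $errors[] = 'age';
    }

    // E-mail: syntactic check only; it does not prove the address exists.
    $email = filter_var($input['email'] ?? null, FILTER_VALIDATE_EMAIL);
    if ($email !== false) {
        $clean['email'] = $email;
    } else {
        $errors[] = 'email';
    }

    return [$clean, $errors];
}

// Constructed sample standing in for $_POST (or $_GET; both are user-controlled).
$sample = ['username' => '<b>eve</b>', 'age' => '25', 'email' => 'eve@example.com'];
[$clean, $errors] = validate_signup($sample);

// Encode on output, including values that failed validation and are echoed back.
foreach ($sample as $field => $value) {
    $status = in_array($field, $errors, true) ? 'rejected' : 'ok';
    echo htmlspecialchars("$field: $value ($status)", ENT_QUOTES, 'UTF-8'), "\n";
}
```

Only the values in `$clean` should be passed on to the rest of the application; the raw input is used here solely to show that it is encoded before being displayed.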
18 Comments
kumarsantosh
re: Using HTML Forms to pass data to PHP
P: 1 Good Coding for
Create login Id using html in php
Dec 5 '07 #2
absentmindedjwc
re: Using HTML Forms to pass data to PHP
P: 3 Good tutorial, but this is incredibly important... (to the readers, not to the author,
lol) you may have heard that $_GET poses a security risk, but it is technically no
bigger than $_POST. With a basic understanding of web development, the Firefox
web developer toolbar, and a few minutes, a malicious user can easily pass any
value he/she wants through that POST value.
The moral of the story, NEVER TRUST DATA COMING FROM THE USER!!! This
rule is absolute, I don't care if the only user is the tech guy that works at your office,
any data from any user has to be taken with a grain of salt.
That said, it is rather easy to sterilize data:
function sterilize (&$sterilize=NULL) {
    if ($sterilize==NULL) {return NULL;}
    $check = array (1 => "'", 2 => '"', 3 => '<', 4 => '>');