EN1GM4 wrote:
> So my problem...my php/html forms are not consistently passing
> form field data to its posting page. When I change my form
> But I'm doing database updates, and I can't allow the user to
> have the opportunity to do database updates by modifying the
> URL of the page that the form's posting to. So a POST is
> definitely required.
just because you switch to post does not mean your php code is not vulnerable to sql injection attacks. you still need to write secure code.
- check and validate every value a user submits. make sure it is the correct type (string, boolean, integer, float, etc.), the correct length, and use ereg() or eregi() with pattern matching to only allow the characters you want the user to be allowed to submit. useful functions include:
  ereg(), eregi(), isset(), gettype(), intval(), is_int(), is_bool(), is_float(), is_numeric(), is_string(), is_array(), is_object(), settype(), etc.
- escape every questionable character in your queries
  do not use addslashes(), that just does not provide any kind of security. use mysql_real_escape_string(). however, take note that using mysql_real_escape_string() is a way to help secure your code, but it is not a 100% failsafe. you still need to write secure code.
Here are some related posts on my Web Development for Newbies Blog:
- Basic PHP Security: Basic PHP script security covers issues like prevention of SQL injections, XSS and CSRF attacks, variable tampering, etc.
- PHP Security by Example: Nice flash presentation that will provide you with a good foundation on how to make your PHP apps more secure.
- PHP Password Security Using Salts: Learn to make unique-per-user salts to create un-bruteforceable passwords. This method will prevent brute forcing from online md5 databases and rainbow tables.
- A (safe) contact form using Xajax and PHPmailer: Try this tutorial to create a web form to send e-mails to ONE e-mail address without having problems with spambots. The e-mail is sent with SMTP and the form is processed with Xajax.
- Secure File Upload with PHP: PHP makes uploading files easy. You can upload any type of file to your Web server. But with ease comes danger and you should be careful when allowing file uploads.
CyberSpatium
----------------------
WAMP English Forum Admin
I have WAMP5 working with (for development use only):
Windows Vista Ultimate x64 (64 bit)
Kaspersky Internet Security Suite 7.0.x
Spyware Terminater 2.x
CounterSpy 2.5.x
Need help? Check out my WAMP User Manual/Guide here!
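The validate-then-query approach from the reply above, as an added example that is not part of the original post: preg_match() stands in for ereg()/eregi() (removed in PHP 7), and a mysqli prepared statement replaces the manual mysql_real_escape_string() step. The table and field names (users, user_id, display_name) are assumed for illustration.

```php
<?php
// Added example, not from the original post. Validates POSTed form fields for
// type, length and allowed characters, then updates the row with a prepared
// statement so no user value is ever spliced into the SQL text.
declare(strict_types=1);

/**
 * Validate the submitted fields. Returns
 * ['ok' => bool, 'errors' => string[], 'values' => array].
 */
function validateProfileForm(array $post): array
{
    $errors = [];
    $values = [];

    // user_id: must be present and a non-negative integer literal (digits only).
    if (!isset($post['user_id']) || !ctype_digit((string) $post['user_id'])) {
        $errors[] = 'user_id must be a positive integer';
    } else {
        $values['user_id'] = intval($post['user_id']);
    }

    // display_name: string of 1..32 chars, restricted to a whitelist of characters.
    $name = isset($post['display_name']) ? (string) $post['display_name'] : '';
    if (strlen($name) < 1 || strlen($name) > 32 || !preg_match('/^[A-Za-z0-9_ ]+$/', $name)) {
        $errors[] = 'display_name must be 1-32 letters, digits, spaces or underscores';
    } else {
        $values['display_name'] = $name;
    }

    return ['ok' => $errors === [], 'errors' => $errors, 'values' => $values];
}

// Assumed schema: users(user_id INT, display_name VARCHAR(32)).
// bind_param() types the values ('s' string, 'i' integer); the driver quotes them.
function updateDisplayName(mysqli $db, int $userId, string $displayName): bool
{
    $stmt = $db->prepare('UPDATE users SET display_name = ? WHERE user_id = ?');
    $stmt->bind_param('si', $displayName, $userId);
    return $stmt->execute();
}

// Constructed sample POST body; validation runs without a database connection.
$sample = ['user_id' => '42', 'display_name' => "O'Brien; x"];
$result = validateProfileForm($sample);
var_dump($result['ok']);   // bool(false): the quote and semicolon fail the whitelist
print_r($result['errors']);
```

Only when `$result['ok']` is true should the script open a mysqli connection and call updateDisplayName() with `$result['values']`; rejected input is reported back to the user and never reaches the query.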