Search Help Board

PHP Articles
PHP Help
Bulletin Board

PHP Manual (NEW!)
First Time PHP'ers
Help with programming
Sql assignment help
PHP Homework Help

C# Help

?Re: PHP Post security
Date:???02-17-04 09:18

Post or Get are both open to the same security risks, including sql injection and other hacks...

ALL data regardless of post or get MUST be validated for proper format for the field... like name (need to validate for alpha only plus hyphen and period) any other characters should cause an error, you can also check length (any thing under 2 is useless and over 50 is suspect as well.

basic coding designs spends 70% of the time validating user input and 30% of the time running code.

The basic hack with post is to copy the page locally, bypass any form restrictions(ie change a textbox to a textarea and write nasty sql statements to @!#$ the db) and then submit the form back...

REgex is the best way to check form data by using pattern matching to validate the data


?Topics Author? Date
?PHP Post security??new
Andrew Gibbs 02-17-04 01:16?
?Re: PHP Post security??new
bastien 02-17-04 09:18?
?Re: PHP Post security??new
Andrew Gibbs 02-17-04 10:34?
?Re: PHP Post security??new
bastien 02-17-04 14:20?
?Re: PHP Post security??new
Andrew Gibbs 02-18-04 01:35?
?Re: PHP Post security??new
bastien 02-18-04 05:14?
?Re: PHP Post security??new
shjock 02-18-04 03:50?
Go to Top??|??Go to Topic??|??Flat View??|??Search?
New Topic
?Reply To This Message
?Your Name:
?Your Email:
Email replies to this thread, to the address above.

Provided By