» Quick Links
You can make money on these forums
We Share profits with you
Google
Google Adsense
Google Adwords
YPN
Yahoo
MSN Search
Web Directories
Web Hosting
Web Hosting Offers
Hosting News
Suggestions
Link Building
Domain Names
PHP Forums
MySQL Forums
» More Links
OSP News
Reseller Hosting
Shared Hosting
Dedicated Servers
Google Adsense
Search Engine Marketing
Link Development
Affiliate Marketing
» Advertising
Multiple DC PR Check

Free SEO Tools


Go Back   Webmaster Forums > Website Developement / Programming > PHP Programming and Tips
Reload this Page PHP security

PHP Programming and Tips Discuss about PHP programming and Share Tips. Ask questions about Scripting and Errors.

Reply
 
Thread Tools Display Modes
  #1  
Old 09-12-2006, 11:26 AM
fraank fraank is offline
OSP Starters
  
Join Date: Sep 2006
Posts: 23
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
fraank is on a distinguished road
Default PHP security
hi there,
What are some tips you know about adding security to processing forms such as registration forms, generators, login forms, contact forms, etc? This is because I am thinking that a basic PHP form can be too unsecured from exploits such as spam submitting, spam registration, etc. -- This message may have been cut off and the rest will only be shown to members. To become a member, click here --
Reply With Quote
Revenue Sharing Ads ( ?):
  #2  
Old 09-12-2006, 11:28 AM
sacnite sacnite is offline
OSP Starters
  
Join Date: Sep 2006
Posts: 15
Thanks: 0
Thanked 1 Time in 1 Post
Rep Power: 0
sacnite is on a distinguished road
Default
Never trust your users, Validate everything, Initialize your variables, Check user privileges on every page if you're using access control, Understand XSS, Understand SQL Injection, Do not display PHP errors to users, Turn off register_globals (defaulted to off in php 4.2.0+), CAPTCHA for spam. -- This message may have been cut off and the rest will only be shown to members. To become a member, click here --
Reply With Quote
  #3  
Old 09-12-2006, 11:31 AM
OMAG OMAG is offline
OSP Starters
  
Join Date: Sep 2006
Posts: 14
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
OMAG is on a distinguished road
Default
anytime you use a variable to update a piece of a mysql_query, USE mysql_real_escape_string ON EVERY VARIABLE that the user has an opportunity to manipulate!
IE
mysql_query("SELECT * FROM books WHERE book_title = '".mysql_real_escape_string($_POST['book_title'])."'");
and, also, never output and input variable to the output (like as an error). This opens it up for XSS
bye -- This message may have been cut off and the rest will only be shown to members. To become a member, click here --
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Rackspace Introduces Enhanced Network Security outsourcingplans Web Hosting News 0 11-15-2006 02:42 AM
Trend Micro Introduces InterScan Messaging Security outsourcingplans Web Hosting News 0 10-11-2006 03:39 AM
Security Safe PHP Session Setup waugh PHP Programming and Tips 2 08-03-2006 05:03 PM
VeriSign to Provide Security Risk Profiling Service outsourcingplans Web Hosting Industry 0 03-27-2006 06:45 PM
SAVVIS Announces New Managed Security Utility Services outsourcingplans Web Hosting News 0 12-27-2005 02:42 PM


All times are GMT. The time now is 04:17 AM.

Contact Us - Webmaster Forums - Archive - Top