[thelist] Keeping PHP forms secure
Andrew Kamm
kamm at andrewkamm.com
Fri Aug 3 14:50:49 CDT 2007
> Is this enough to keep the database safe from attack? It seems like there
> should be more to this but I have googled and didn't find anything.
For the most part, but you may also want to run a 'sanity check' on
individual fields to make sure they're appropriate and that someone
isn't trying to manipulate your application while trolling for holes.
If you're getting a paragraph of text when the field requires only an
integer, there's something wrong.
You also want to protect your app when you display user-entered data
by using htmlentities() (to prevent XSS attacks).
ak
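Added example (not from the post above or from its author): a PHP script that does the per-field sanity check described (an integer-only field rejecting a paragraph of text) and escapes user-entered data with htmlentities() at display time. The field names, the range limits and the sample input are all assumptions made up for the example.

```php
<?php
// Added example, not the original poster's code. Field names, limits and the
// sample input are assumptions; $input stands in for $_POST.

// Constructed sample submission: 'age' carries a paragraph instead of an integer,
// and 'comment' carries markup that must not reach the browser unescaped.
$input = [
    'age'     => 'a whole paragraph of text where a number was expected',
    'comment' => '<script>alert(1)</script> nice site',
];

// Sanity-check each field against what the form actually requires.
// Returns the validated values plus a list of problems found.
function validate_form(array $data): array
{
    $errors = [];
    $clean  = [];

    // 'age' must be an integer in a plausible range; anything else is rejected,
    // and a paragraph here is a sign someone is probing the app, not using it.
    $age = filter_var(
        $data['age'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]
    );
    if ($age === false) {
        $errors[] = 'age: expected an integer between 0 and 150';
    } else {
        $clean['age'] = $age;
    }

    // 'comment' is free text, but still bounded: an oversized field is refused
    // rather than truncated, so nothing half-validated goes further.
    $comment = (string) ($data['comment'] ?? '');
    if (mb_strlen($comment, 'UTF-8') > 1000) {
        $errors[] = 'comment: longer than 1000 characters';
    } else {
        $clean['comment'] = $comment;
    }

    return ['clean' => $clean, 'errors' => $errors];
}

// Escape for HTML output; ENT_QUOTES also covers values placed in attributes.
function html_escape(string $text): string
{
    return htmlentities($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$result = validate_form($input);

if ($result['errors'] !== []) {
    // Reject the submission and keep a record: failed checks are worth logging
    // because they show what was sent, not just that it was wrong.
    foreach ($result['errors'] as $problem) {
        error_log('form validation failed: ' . $problem);
    }
    http_response_code(400);
    echo '<p>Please check the form and try again.</p>';
    exit;
}

// Only validated values would now be handed to the database layer
// (assumed here; the post does not show the query code).

// Display path: escape at output time, never trust stored or submitted text.
echo '<p>' . html_escape($input['comment']) . '</p>';
```

Running it with the constructed input hits the validation branch (the 'age' field fails the integer check) and logs the reason; with a valid submission it falls through to the display line, where the script tag in the comment is rendered as literal text instead of executing.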