[thelist] Keeping PHP forms secure

Andrew Kamm kamm at andrewkamm.com
Fri Aug 3 14:50:49 CDT 2007

> Is this enough to keep the database safe from attack? It seems like there
> should more to this but I have googled and didn't find anything.

For the most part, but you may also want run a 'sanity check' on
individual fields to make sure they're appropriate and that someone
isn't trying to manipulate your application while trolling for holes.
If you're getting a paragraph of text when the field requires only an
integer, there's something wrong.

You also want to protect your app when you display user-entered data
by using htmlentities() (to prevent XSS attacks).


More information about the thelist mailing list