security of forms
Posted: Wed Feb 19, 2003 1:42 pm
Can we compile a list here on how to make form values most secure and "stylish"? I mean general text submitted via forms and inserted into a database.
I'd suggest always going with this for example:
<input type="text" name="name">
and then in the script:
$name = (!empty($_POST['name'])) ? trim($_POST['name']) : ' '; // or $HTTP_POST_VARS on older PHP
function verify($string)
{
    // looking for hacking attempts (using ; , " or ' in forms)
    // each check sets $err independently so one hit is enough to fail
    $err = 0;
    if (substr_count($string, ';') > 0) $err = 1;   // statement separator
    if (substr_count($string, '"') > 0) $err = 1;   // double quote
    if (substr_count($string, "'") > 0) $err = 1;   // single quote
    if ($err == 1) return FALSE;
    else return TRUE;
}
if (verify($name) == FALSE) die("Hacking attempt! have to go!");
Any comments and suggestions appreciated.
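An added example, not the poster's code, showing the approach a defender would take instead of hunting for "dangerous" characters: validate the field against an allowlist, pass it to the database through a prepared statement (so quotes and semicolons are data, never SQL), and escape only at the output boundary. It assumes a table `users(name VARCHAR(64))` and a PDO connection whose DSN and credentials are the DB_HOST/DB_NAME/DB_USER/DB_PASS placeholders below; the `clean_name`, `store_name` and `render_name` function names are this example's own.

```php
<?php
// Added example (not from the original post). Assumes a table
// users(name VARCHAR(64)) and that the reader fills in the PDO placeholders.

function clean_name(string $raw, int $maxLen = 64): ?string
{
    $name = trim($raw);
    // Allowlist rather than blocklist: letters, digits, spaces, apostrophes and
    // hyphens cover real names such as O'Brien or Jean-Luc, which a check that
    // rejects every ' would wrongly refuse. Returns null when the value fails.
    if ($name === '' || strlen($name) > $maxLen) {
        return null;
    }
    if (!preg_match("/^[\\p{L}\\p{N} '\\-]+$/u", $name)) {
        return null;
    }
    return $name;
}

function store_name(PDO $db, string $name): void
{
    // The placeholder keeps the value separate from the SQL text; the driver
    // sends it as a parameter, so no escaping of quotes or semicolons is needed.
    $stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

function render_name(string $name): string
{
    // Escaping belongs at the output boundary: HTML here, SQL parameters above.
    return htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$name = clean_name($_POST['name'] ?? '');
if ($name === null) {
    http_response_code(400);
    exit('Please enter a name using letters, digits, spaces, apostrophes or hyphens.');
}

// Placeholders: replace DB_HOST, DB_NAME, DB_USER, DB_PASS with real settings.
$db = new PDO('mysql:host=DB_HOST;dbname=DB_NAME;charset=utf8mb4', 'DB_USER', 'DB_PASS', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // use the server's native prepared statements
]);
store_name($db, $name);
echo 'Saved: ' . render_name($name);
```

The character allowlist in `clean_name` is a policy choice to tune per field; the part that actually removes SQL injection is the prepared statement in `store_name`, which works regardless of what characters the name contains.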