$_POST Vulnerabilities

aceconcepts
DevNet Resident
Posts: 1424
Joined: Mon Feb 06, 2006 11:26 am
Location: London

$_POST Vulnerabilities

Post by aceconcepts »

Hi,

I use a lot of forms that "POST" data. What security measures should I consider to ensure that the data posted is secure (inaccessible to unauthorised people)?
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

mikeeeeeeey
Forum Contributor
Posts: 130
Joined: Mon Jul 03, 2006 4:17 am
Location: Huddersfield, UK

Post by mikeeeeeeey »

You can't really stop people accessing that information, since anything inside a form can be manipulated by tools outside of it.

If you're posting this data to a database however, you'll need to cleanse and sanitise your POST variables in order to keep your SQL input secure and uncompromised.

Look up mysql_real_escape_string(), addslashes() and get_magic_quotes().

Also, things such as numbers can be parsed as integers by using (int).

Hope this helps.
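
An added example, not part of the original post or thread: one way to validate submitted form fields before they reach the database, using PDO prepared statements in place of the escaping functions named above (the old mysql_* extension was removed in PHP 7.0). The `$post` array, the `comments` table and the function names are constructed for illustration, and an in-memory SQLite database stands in for MySQL.

```php
<?php
declare(strict_types=1);

// Constructed sample of a submitted form; every value arrives as a string.
$post = ['user_id' => '42', 'comment' => "It's O'Brien's turn"];

// Strict integer validation: filter_var rejects "42abc" (and arrays),
// whereas a bare (int) cast would silently turn "42abc" into 42.
function parseUserId(array $post): int
{
    $id = filter_var($post['user_id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('user_id must be a positive integer');
    }
    return $id;
}

// Hypothetical helper: validate both fields, then insert with bound parameters.
function saveComment(PDO $db, array $post): int
{
    $userId  = parseUserId($post);
    $comment = $post['comment'] ?? null;
    // A field submitted as comment[]=... arrives as an array, so check the type.
    if (!is_string($comment) || trim($comment) === '' || strlen($comment) > 500) {
        throw new InvalidArgumentException('comment must be a string of 1-500 bytes');
    }
    // Placeholders keep the data out of the SQL text, so quotes need no escaping.
    $stmt = $db->prepare('INSERT INTO comments (user_id, body) VALUES (:uid, :body)');
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->bindValue(':body', trim($comment), PDO::PARAM_STR);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, body TEXT NOT NULL)');

$rowId = saveComment($db, $post);
$check = $db->prepare('SELECT body FROM comments WHERE id = :id');
$check->execute([':id' => $rowId]);
echo 'stored: ', $check->fetchColumn(), PHP_EOL;   // apostrophes stored intact

try {
    saveComment($db, ['user_id' => '42abc', 'comment' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```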
aceconcepts
DevNet Resident
Posts: 1424
Joined: Mon Feb 06, 2006 11:26 am
Location: London

Post by aceconcepts »

Nice one.

Thanks to both of you :wink: