$_POST Vulnerabilities

Posted: Wed Aug 08, 2007 3:09 am
by aceconcepts
Hi,

I use a lot of forms that "POST" data. What security measures should I consider to ensure that the data posted is secure (inaccessible to unauthorised people)?

Posted: Wed Aug 08, 2007 4:20 am
by volka

Posted: Wed Aug 08, 2007 4:22 am
by mikeeeeeeey
You can't really stop people accessing that information, since anything inside a form can be manipulated by tools outside of it.

If you're posting this data to a database, however, you'll need to cleanse and sanitise your POST variables in order to keep your SQL input secure and uncompromised.

Look up mysql_real_escape_string(), addslashes() and get_magic_quotes().

Also, things such as numbers can be parsed as integers by using (int).

Hope this helps.
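
An added example, not part of the original thread: one way to handle posted values before they reach SQL, validating the number instead of only casting it and binding the string with PDO prepared statements (a different technique from the escaping functions named in the post above). The in-memory SQLite database, the `orders` table, the `save_order()` helper and the sample arrays are assumptions constructed for illustration.

```php
<?php
// Added example: constructed data, in-memory SQLite via PDO (assumes pdo_sqlite is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, qty INTEGER)');

// Hypothetical helper: validate the posted fields, then store them with bound parameters.
function save_order(PDO $db, array $post): ?int
{
    // Numbers: accept only a whole integer in range. A bare (int) cast would
    // quietly turn "5 OR 1=1" into 5 instead of rejecting the request.
    $qty = filter_var($post['qty'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000]]);
    $customer = $post['customer'] ?? null;
    if ($qty === false || !is_string($customer)) {
        return null;
    }
    $customer = trim($customer);
    if ($customer === '' || strlen($customer) > 100) {
        return null;
    }

    // Strings: sent as bound data, so quotes in the value are never parsed as SQL.
    $stmt = $db->prepare('INSERT INTO orders (customer, qty) VALUES (:customer, :qty)');
    $stmt->bindValue(':customer', $customer, PDO::PARAM_STR);
    $stmt->bindValue(':qty', $qty, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// Constructed stand-ins for $_POST, including values a client could tamper with.
$samples = [
    ['customer' => "O'Brien", 'qty' => '3'],
    ['customer' => "x'); DROP TABLE orders; --", 'qty' => '2'],
    ['customer' => 'Smith', 'qty' => '5 OR 1=1'],
];
foreach ($samples as $post) {
    $id = save_order($db, $post);
    echo $id === null ? "rejected\n" : "stored as row $id\n";
}
// The quote-bearing values are stored as plain text and the table still exists.
foreach ($db->query('SELECT id, customer, qty FROM orders') as $row) {
    printf("%d | %s | %d\n", $row['id'], $row['customer'], $row['qty']);
}
```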

Posted: Wed Aug 08, 2007 4:28 am
by aceconcepts
Nice one.

Thanks to both of you :wink: