$_POST Vulnerabilities
Posted: Wed Aug 08, 2007 3:09 am
by aceconcepts
Hi,
I use a lot of forms that "POST" data. What security measures should I consider to ensure that the data posted is secure (inaccessible to unauthorised people)?
Posted: Wed Aug 08, 2007 4:20 am
by volka
Posted: Wed Aug 08, 2007 4:22 am
by mikeeeeeeey
You can't really stop people accessing that information, since anything inside a form can be manipulated by tools outside of it.
If you're posting this data to a database, however, you'll need to cleanse and sanitise your POST variables in order to keep your SQL input secure and uncompromised.
Look up mysql_real_escape_string(), addslashes() and get_magic_quotes().
Also, things such as numbers can be parsed as integers by using (int).
Hope this helps.
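
An added example, not part of the original post, showing the database-input advice above in one script: it uses PDO prepared statements in place of the escaping functions named in the post, and strict integer validation alongside the (int) cast. The table, the field names and the helpers post_int and save_person are hypothetical, the submitted values are constructed, and pdo_sqlite is assumed to be available.

```php
<?php
// Constructed stand-in for a submitted form; a real script would read $_POST.
$post = ['name' => "O'Brien", 'age' => '42', 'qty' => '12abc'];

// Assumption: pdo_sqlite is installed; an in-memory database keeps this self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (name TEXT NOT NULL, age INTEGER NOT NULL)');

/**
 * Return the field as an int only if the whole string is an integer in range.
 * A bare (int) cast keeps any leading digits and silently drops the rest.
 */
function post_int(array $src, string $key, int $min, int $max): ?int
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return null; // missing field, or an array submitted as key[]=...
    }
    $v = filter_var($src[$key], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

function save_person(PDO $db, array $src): bool
{
    $age  = post_int($src, 'age', 0, 150);
    $name = isset($src['name']) && is_string($src['name']) ? trim($src['name']) : '';
    if ($age === null || $name === '' || strlen($name) > 100) {
        return false; // reject rather than guess what the user meant
    }
    // Placeholders keep the values out of the SQL text, so the quote in the
    // name is stored as data and no manual escaping is involved.
    $stmt = $db->prepare('INSERT INTO people (name, age) VALUES (:name, :age)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':age', $age, PDO::PARAM_INT);
    return $stmt->execute();
}

// Store the record, then compare the bare cast with strict validation
// on the same malformed quantity field.
var_dump(save_person($db, $post));
var_dump((int) $post['qty']);
var_dump(post_int($post, 'qty', 0, 1000));
var_dump($db->query('SELECT name, age FROM people')->fetchAll(PDO::FETCH_ASSOC));
```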
Posted: Wed Aug 08, 2007 4:28 am
by aceconcepts
Nice one.
Thanks to both of you
