Following the steps below can help prevent your PHP form from being hijacked:
1. Set "register_globals" to "Off" to prevent form injection with malicious data.
2. Set "error_reporting" to "E_ALL" so that all variables are initialized before being used.
3. Make a practice of using htmlentities(), strip_tags() and addslashes() to filter out malicious data entered.
4. Make a practice of using mysql_escape_string() in MySQL.
5. User input sanitization: Never trust data submitted by web users. Follow good client-side data validation practices with regular expressions before submitting data to the server.
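
The steps above applied to one form handler, as an added example that is not code from the original post. The field names, length limits and regular expression are assumptions, and the regular-expression check from step 5 is repeated on the server here; the database step is left out because mysql_escape_string() belongs to the old mysql extension, which was removed in PHP 7.

```php
<?php
// Added example; field names, limits and patterns are assumptions.
error_reporting(E_ALL); // step 2: report use of uninitialized variables

// Validate and filter one submitted form. Reads only from the array passed in
// (normally $_POST), never from globals (step 1: register_globals off).
function handle_signup(array $post): array
{
    // Initialize every variable before it is used (step 2).
    $errors = [];
    $clean  = ['username' => '', 'comment' => ''];

    // Missing or non-string fields (e.g. username[]=x) become empty strings.
    $username = isset($post['username']) && is_string($post['username']) ? $post['username'] : '';
    $comment  = isset($post['comment'])  && is_string($post['comment'])  ? $post['comment']  : '';

    // Step 5: allow-list validation with a regular expression, repeated on
    // the server because client-side checks can be bypassed.
    if (preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $username) === 1) {
        $clean['username'] = $username;
    } else {
        $errors[] = 'username must be 3-20 letters, digits or underscores';
    }

    // Step 3: strip_tags() removes markup, htmlentities() encodes the rest for HTML output.
    $comment = trim(strip_tags($comment));
    if ($comment === '' || strlen($comment) > 500) {
        $errors[] = 'comment must be 1-500 characters after tags are removed';
    } else {
        $clean['comment'] = htmlentities($comment, ENT_QUOTES, 'UTF-8');
    }

    return ['errors' => $errors, 'clean' => $clean];
}

// Constructed sample submission standing in for $_POST.
$sample = [
    'username' => 'alice_01',
    'comment'  => '<script>alert(1)</script>Nice "post" & thanks',
];
print_r(handle_signup($sample));
// Constructed rejected submission: the username falls outside the allow-list.
print_r(handle_signup(['username' => 'bob smith!', 'comment' => 'hi']));
```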