Friday, December 12, 2014

What is htaccess?


An ".htaccess" file lets us override "php.ini" and "httpd.conf" settings for the directory it is placed in (and its subdirectories) without editing those server-wide files.

For php.ini:

For example, to turn on register_globals, enter "php_flag register_globals on" in that file and place the file inside the context folder where you are running the PHP files. The setting then applies to every file inside that context folder. Because register_globals is a boolean setting we write it with "php_flag"; a setting that takes a value is written with "php_value".

For example, a value setting is given like this: php_value sendmail_from "dineshsdk85@gmail.com"

PHP Form Hijacking. How to prevent form hijacking in PHP?


The following things can be done to prevent your PHP form from being hijacked:

1. Set register_globals to off to prevent form injection with malicious data.

2. Set error_reporting to E_ALL so that use of an uninitialized variable is reported and every variable gets initialized before it is used.

3. Make a practice of using htmlentities(), strip_tags(), utf8_decode() and addslashes() to filter malicious data in PHP.

4. Make a practice of using mysql_escape_string() for data sent to MySQL.

5. User input sanitization: never trust data submitted by web users. Follow good client-side validation practices with regular expressions before submitting data to the server.

6. Form submission key validation: a singleton method can be used to generate a session form key, and the submitted form is validated by comparing the hidden form key parameter against that same session value.
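Putting items 3, 5 and 6 together, here is an added example of a form handler that issues a session-bound form key, checks it on submission, and filters the submitted text before use. This is illustrative code written for this post, not code from the original article; it assumes PHP 7 or later (for random_bytes() and hash_equals()), and the field names form_key and comment are made up for the demo.

```php
<?php
// Added example: session form key (CSRF-style) validation plus input filtering.
// Assumes PHP 7+; field names "form_key" and "comment" are hypothetical.
session_start();

// Generate a fresh, unpredictable key, keep a copy in the session and return
// it so the form can carry it in a hidden field.
function generateFormKey(): string
{
    $key = bin2hex(random_bytes(32));      // 256 bits from the CSPRNG
    $_SESSION['form_key'] = $key;
    return $key;
}

// Compare the submitted hidden field against the session copy.
// hash_equals() is constant-time; the key is consumed so it cannot be replayed.
function validateFormKey(?string $submitted): bool
{
    if ($submitted === null || !isset($_SESSION['form_key'])) {
        return false;
    }
    $valid = hash_equals($_SESSION['form_key'], $submitted);
    unset($_SESSION['form_key']);          // one key per submission
    return $valid;
}

// Filter a free-text field: drop tags, trim, then encode what remains so it is
// inert when echoed back into HTML.
function sanitiseComment(string $raw): string
{
    $clean = trim(strip_tags($raw));
    return htmlentities($clean, ENT_QUOTES, 'UTF-8');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!validateFormKey($_POST['form_key'] ?? null)) {
        http_response_code(403);           // reject forms not issued by this session
        exit('Form key missing or invalid.');
    }
    $comment = sanitiseComment($_POST['comment'] ?? '');
    // Persist $comment with a parameterised query (PDO/mysqli prepared statement).
    echo 'Received: ' . $comment;
    exit;
}

$formKey = generateFormKey();
?>
<form method="post" action="">
    <input type="hidden" name="form_key" value="<?= $formKey ?>">
    <textarea name="comment"></textarea>
    <button type="submit">Send</button>
</form>
```

A submission that lacks the hidden field, carries a stale key, or is replayed after the key was consumed is refused with a 403 before any of the posted data is touched; the filtering step runs only on requests that passed the key check.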