The following things can be done to prevent your PHP form from being hijacked:

1. Set register_globals to off to prevent form injection with malicious data.
2. Set error_reporting to E_ALL so that all variables are initialized before they are used.
3. Make a practice of using htmlentities(), strip_tags(), utf8_decode() and addslashes() for filtering malicious data in PHP.
4. Make a practice of using mysql_escape_string() with MySQL.
5. User input sanitization: never trust web user submitted data. Follow good client-side data validation practices with regular expressions before submitting data to the server.
6. Form submission key validation: a singleton method can be used to generate a session form key and to validate the form being submitted for the same value against a hidden form key parameter.
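The following is an added example, not code from the original post, showing points 5 and 6 together: a session form key that is generated once and reused (the singleton idea), a constant-time check of the hidden field against the session value, and server-side whitelisting plus htmlentities() escaping of a submitted field. The function names, the hidden field name `form_key` and the name pattern are assumptions chosen for this example.

```php
<?php
// Added example (not from the original post): session form key generation and
// validation for a PHP form, plus server-side sanitization of a submitted field.
// Assumes PHP 7+ with sessions available; all names below are this example's own.

session_start();

const FORM_KEY_FIELD = 'form_key'; // hidden input name (assumption)

// Generate a form key once per session and reuse it (singleton-style).
function getFormKey(): string
{
    if (empty($_SESSION[FORM_KEY_FIELD])) {
        $_SESSION[FORM_KEY_FIELD] = bin2hex(random_bytes(32));
    }
    return $_SESSION[FORM_KEY_FIELD];
}

// Compare the submitted hidden field against the session key in constant time.
function isValidFormKey(array $post): bool
{
    $sessionKey = $_SESSION[FORM_KEY_FIELD] ?? '';
    $submitted  = $post[FORM_KEY_FIELD] ?? '';
    if ($sessionKey === '' || !is_string($submitted)) {
        return false;
    }
    return hash_equals($sessionKey, $submitted);
}

// Server-side sanitization: trim, enforce a whitelist pattern, escape for HTML.
// The pattern is repeated client-side in the form below, but only this check
// is trusted (point 5: never rely on what the browser sent).
function cleanName(string $raw): ?string
{
    $value = trim($raw);
    if (!preg_match('/^[A-Za-z][A-Za-z \'-]{0,49}$/', $value)) {
        return null; // reject rather than try to repair
    }
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!isValidFormKey($_POST)) {
        http_response_code(403);
        exit('Form key mismatch: submission rejected.');
    }
    $name = cleanName((string)($_POST['name'] ?? ''));
    if ($name === null) {
        http_response_code(400);
        exit('Invalid name.');
    }
    echo "Hello, {$name}";
    exit;
}

// GET: render the form with the hidden key and a matching client-side pattern.
$key = htmlentities(getFormKey(), ENT_QUOTES, 'UTF-8');
echo <<<HTML
<form method="post" action="">
  <input type="hidden" name="form_key" value="{$key}">
  <input type="text" name="name" pattern="[A-Za-z][A-Za-z '-]{0,49}" required>
  <button type="submit">Send</button>
</form>
HTML;
```

Save this as a single script and request it first with GET to obtain the form, then submit it; a submission whose hidden `form_key` does not match the session value is rejected before any field is processed, and a name that fails the whitelist is rejected independently of the browser's `pattern` attribute. hash_equals() is used so the comparison time does not depend on where the two strings differ. For the database side of point 4, note that mysql_escape_string() belongs to the old mysql extension, which was removed in PHP 7; with mysqli or PDO the equivalent practice is a prepared statement with bound parameters.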