Lambneck Posted February 25, 2009

I don't know much about the subject and I was wondering, does using mysql_real_escape_string() in your processing script protect against form hijacking?

trq Posted February 25, 2009

mysql_real_escape_string will protect you from SQL injections, not form hijacking. The best thing you can do to prevent form hijacking is to validate that your data looks like it should.

Lambneck Posted February 25, 2009

Is there a way to validate it while still allowing HTML submissions? Also I read that the most important thing you could do to prevent hijacking is to "...check submitted characters and remove line breaks from data that is used in email headers." Is there a way to do that using PHP while still allowing HTML submissions?
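
An added example, not part of the thread: one way to apply the quoted advice in PHP, refusing line breaks in the values that end up in email headers while leaving the HTML message body alone. The function names, the sender address and the sample submissions are assumptions constructed for illustration.

```php
<?php
// Added example: helper names are hypothetical, sample input is constructed.

/**
 * Return the value if it is safe to place in a mail header, or null if it
 * contains CR or LF, which would let a submitter start a new header line.
 */
function clean_header_value(string $value): ?string
{
    if (preg_match('/[\r\n]/', $value)) {
        return null;
    }
    return trim($value);
}

/** Build the mail parts from a form submission, or null if it is rejected. */
function build_mail(array $form): ?array
{
    $subject = clean_header_value($form['subject'] ?? '');
    $email   = clean_header_value($form['email'] ?? '');

    // Validate that the address "looks like it should" before using it.
    if ($subject === null || $email === null
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    $headers = [
        'From: webform@example.com',   // fixed, site-controlled sender (placeholder)
        "Reply-To: $email",
        'MIME-Version: 1.0',
        'Content-Type: text/html; charset=UTF-8',
    ];

    // The message is the body, not a header, so its line breaks and HTML stay.
    return [
        'subject' => $subject,
        'body'    => $form['message'] ?? '',
        'headers' => implode("\r\n", $headers),
    ];
}

// Constructed sample submissions: one normal, one with an injected header.
$ok  = ['email' => 'ann@example.com', 'subject' => 'Hi',
        'message' => "<p>Hello</p>\n<p>Second line</p>"];
$bad = ['email' => "ann@example.com\r\nBcc: x@example.org",
        'subject' => 'Hi', 'message' => '<p>Hello</p>'];

var_dump(build_mail($ok) !== null);
var_dump(build_mail($bad) === null);
```

The returned parts map onto the `$subject`, `$message` and `$additional_headers` arguments of PHP's `mail()`; the recipient stays a fixed address chosen by the site.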