Jump to content


secure form help!

  • Please log in to reply
1 reply to this topic

#1 anthonydamasco

  • Members
  • PipPipPip
  • Advanced Member
  • 92 posts

Posted 25 August 2006 - 03:35 PM


I learned alot about PHP and MySQL in the last 2 months. I have forms and logins, sessions, all that good stuff, but now I have to make something I've been dreading.

I have to make an Online Credit Application. SSN, checking account numbers the worx, I basicly need help finding sources to learning how to make a very secure form to keep my clients information safe.


#2 drkstr

  • Members
  • PipPipPip
  • Advanced Member
  • 66 posts
  • LocationSeattle, WA - USA

Posted 25 August 2006 - 05:55 PM

Use SSL (Secure Socket Layer) to encrypt all incoming/outgoing traffic from the web server. Then use a simple input protection scheme to prevent injection attacks. On my form, I don't need any special symbols, so I wrote a function that takes a string (user input) as a parameter, passes it through a preg_replace("\W", '', $string) and returns it. This will remove alsl charecters that is not alpanumeric or an underscore. If you need any other special symbols, you should deny all and explicitly allow the ones you need.

Also, check out the crypt function for storing data.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users