php security in forms


4 replies to this topic

#1 fixxxer

fixxxer
  • Members
  • Advanced Member
  • 36 posts

Posted 01 September 2006 - 10:18 AM

Hi,

I've now finished my first site and I've turned my attention to security. I'm concerned: I have a lot of forms and I use FCKeditor, which creates HTML output.

My concern is that in these forms someone can execute a PHP instruction that causes me problems. How do I prevent a malicious user doing damage to my site with a PHP instruction?

Also, what damage could someone do within a text box?

Thanks for any help that can be offered.

#2 AndyB

AndyB
  • Staff Alumni
  • Advanced Member
  • 5,465 posts
  • LocationToronto

Posted 01 September 2006 - 11:06 AM

http://www.fckeditor.net/demo/

If you try it, you'll see how it handles stuff like that.
Legend has it that reading the manual never killed anyone.
My site

#3 fixxxer

fixxxer
  • Members
  • Advanced Member
  • 36 posts

Posted 01 September 2006 - 11:44 AM

Thanks for replying.

I think I got my question wrong, sorry.

I'm aware of what the post data comes out like; it was more a question in general about security. For example, I've got a text area on my form: how susceptible am I to an attack, and what information could someone get from my site if they had a text area to type into?

I was also wondering if there's a way to filter out a statement such as <?php //code ?>.

I'm not sure if I'm being paranoid about security but I just want to protect my site. In the other forms I'm fine, I use strip_tags on all my one-line text inputs; I'm just not sure what to do with a textarea and how to make it safe while still allowing HTML. Also, can JavaScript be entered into one of those boxes?
Any help again would be appreciated.

#4 AndyB

AndyB
  • Staff Alumni
  • Advanced Member
  • 5,465 posts
  • LocationToronto

Posted 01 September 2006 - 11:52 AM

http://ca.php.net/ma....strip-tags.php - check the user notes and code snippets.  There are a number of examples there for selectively stripping some stuff while leaving other stuff alone.
Legend has it that reading the manual never killed anyone.
My site
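An added example, not part of the original thread or of the PHP manual notes linked above: one way to keep a small set of HTML tags from a rich-text textarea while dropping PHP tags, scripts and event-handler attributes. The allow-lists, the function name `sanitize_html` and the sample input are assumptions; the second pass exists because `strip_tags()` with an allowed-tags list leaves attributes such as `onmouseover` on the tags it keeps.

```php
<?php
// Added example: allow-list sanitizer for rich-text textarea input.
// ALLOWED_TAGS, ALLOWED_ATTRS and sanitize_html() are assumptions.
const ALLOWED_TAGS  = ['p', 'br', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'a'];
const ALLOWED_ATTRS = ['a' => ['href']];   // attributes kept, per tag

function sanitize_html(string $dirty): string
{
    // Pass 1: strip_tags() removes PHP tags, comments and unlisted tags,
    // but leaves every attribute on the tags it keeps.
    $html = strip_tags($dirty, '<' . implode('><', ALLOWED_TAGS) . '>');

    // Pass 2: parse the remainder and drop attributes not on the allow-list.
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);       // submitted HTML is rarely well formed
    $doc->loadHTML('<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '<body>' . $html . '</body>');
    libxml_clear_errors();

    foreach ($doc->getElementsByTagName('*') as $el) {
        $keep = ALLOWED_ATTRS[$el->nodeName] ?? [];
        foreach (iterator_to_array($el->attributes, false) as $attr) {
            $ok = in_array($attr->nodeName, $keep, true);
            if ($ok && $attr->nodeName === 'href') {
                // Only http(s), mailto and site-relative links survive.
                $ok = preg_match('#^(https?://|mailto:|/)#i', trim($attr->value)) === 1;
            }
            if (!$ok) {
                $el->removeAttributeNode($attr);
            }
        }
    }

    // Serialize only the children of <body>, not the wrapper document.
    $out  = '';
    $body = $doc->getElementsByTagName('body')->item(0);
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample submission, not taken from the thread.
$submitted = '<p onmouseover="alert(1)">Hello <b>world</b></p>'
           . '<?php echo "hi"; ?><script>alert(2)</script>'
           . '<a href="javascript:alert(3)">bad</a> <a href="https://example.com/">ok</a>';

echo sanitize_html($submitted), "\n";
```

Fields that should contain no markup at all can instead be escaped with `htmlspecialchars()` when they are printed.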

#5 fixxxer

fixxxer
  • Members
  • Advanced Member
  • 36 posts

Posted 01 September 2006 - 12:10 PM

Thanks for that, they are exactly what I'm looking for. I hate to be a pain, but there's just something I'm wondering: if I didn't use one of those functions (I am going to, lol), what would a person be able to do on my site? Would they be able to gain access to sensitive information etc., or could they only do pretty harmless things?

This is just to satisfy my curiosity. Again, thanks for the help.
