rbudj Posted December 28, 2006
I have created a form to be processed by PHP. This form data will contain private information such as social security numbers and credit card information. What is a good way to process this form? I will be using an SSL. Should I send the information by email, should I take it all and put it in a database, should I (if it is possible) have PHP create a .pdf and reference it through a link? I just don't know what to do. I'm open to all logical suggestions. Thanks!

ToonMariner Posted December 28, 2006
Processing this data via direct from submission is fine - it's as secure as your SSL encryption - if that is satisfactory, go ahead and do your magic. MAKE SURE that the database is as secure as it can be - encrypt the data using the mcrypt functions and try your best to make sure any keys are not available to the outside world. I personally would place the actual code that does the processing/encryption above the root folder of your site and simply include it in the PHP script that accepts the data from the form.

rbudj Posted December 30, 2006
Thanks, I will research your suggestion.

dbo Posted December 30, 2006
I'd suggest picking up the book "Essential PHP Security"
http://www.amazon.com/Essential-PHP-Security-Chris-Shiflett/dp/059600656X/sr=8-1/qid=1167519646/ref=pd_bbs_sr_1/104-9182315-3567949?ie=UTF8&s=books
Security in layers, solid html forms, front end javascript validation, php validation, filtering/escaping, encryption, store database credentials out of public_html directory.... etc etc.

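The advice in the replies above (validate in PHP, encrypt before the data reaches the database, keep the key outside the web root), as an added example that is not from any poster in this thread. It uses PHP's bundled sodium extension in place of the mcrypt functions named in the thread, since mcrypt was removed from PHP core in 7.2; the key-file path, the field and table names and the sample SSN are constructed assumptions, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);
// Added example. Assumed names: KEY_FILE path, the "ssn" field, the "applicants" table.
// Hex-encoded 32-byte key kept outside the web root, as the thread advises.
const KEY_FILE = '/var/www/private/field.key'; // hypothetical path

function load_key(string $path): string
{
    $key = sodium_hex2bin(trim((string) file_get_contents($path)));
    if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('key must be 32 bytes');
    }
    return $key;
}

function encrypt_field(string $plain, string $key): string
{
    // Fresh random nonce per value, stored in front of the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

function decrypt_field(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) { // wrong key or modified ciphertext
        throw new RuntimeException('authentication failed');
    }
    return $plain;
}

// Constructed demo input; a real handler reads $_POST over HTTPS and calls load_key(KEY_FILE).
$post = ['ssn' => '000-12-3456']; // constructed value, not a real SSN
$key  = sodium_crypto_secretbox_keygen();
if (!preg_match('/^\d{3}-\d{2}-\d{4}$/', $post['ssn'])) { // server-side validation
    exit('invalid SSN format');
}
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE applicants (id INTEGER PRIMARY KEY, ssn_enc TEXT NOT NULL)');
// Prepared statement: the value is bound, never concatenated into the SQL.
$db->prepare('INSERT INTO applicants (ssn_enc) VALUES (?)')->execute([encrypt_field($post['ssn'], $key)]);
$stored = $db->query('SELECT ssn_enc FROM applicants')->fetchColumn();
echo "stored:    $stored\n";
echo 'decrypted: ' . decrypt_field($stored, $key) . "\n";
```

Because the key is read from a file the web server never serves, a dump of the database alone yields only the base64 ciphertext, and any change to a stored value makes `decrypt_field` throw instead of returning altered data.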