elis Posted November 11, 2007 Share Posted November 11, 2007 I have a fairly quick question. I'm still working learning PHP security features and though I've visited several of websites about the issue. However, I'm still slightly confused. My question is this, if I use: $value = trim(htmlentities(strip_tags(mysql_real_escape_string($_POST['value'])))); Is this correct? If not could you please point me in the right direction. Link to comment https://forums.phpfreaks.com/topic/76897-solved-quick-php-security-help/ Share on other sites More sharing options...
elis Posted November 11, 2007 Author Share Posted November 11, 2007 Also, should this be done with all form fields, even if they're dropdown or radio? Link to comment https://forums.phpfreaks.com/topic/76897-solved-quick-php-security-help/#findComment-389333 Share on other sites More sharing options...
L Posted November 11, 2007 Share Posted November 11, 2007 I got another security question...(sry to intrude but its better than making another topic) Should I encrypt my sessions so no one could duplicate them and try to log in as the admin[if possible] ? Link to comment https://forums.phpfreaks.com/topic/76897-solved-quick-php-security-help/#findComment-389336 Share on other sites More sharing options...
Daukan Posted November 11, 2007 Share Posted November 11, 2007 If you are putting a string into a database and don't accept html <?php $value = mysql_real_escape_string(strip_tags(trim($_POST['value']) ) ); ?> How you validate and sanitize really depends on what, where and how you are using the data. If you don't accept html you might want to tell the user <?php if(strip_tags($_POST['value']) != $_POST['value']) { echo 'error message'; //redisplay form exit(); } ?> Yes validate drop down, checkboxs anything from post, get, cookie or request data. If you have a radio form you could use an array to validate <?php $good_radio_input = array('yes','no', 'maybe so'); if(!in_array($_POST['value']) ) { //do error handling } ?> Link to comment https://forums.phpfreaks.com/topic/76897-solved-quick-php-security-help/#findComment-389340 Share on other sites More sharing options...
Daukan Posted November 11, 2007 Share Posted November 11, 2007 I got another security question...(sry to intrude but its better than making another topic) Should I encrypt my sessions so no one could duplicate them and try to log in as the admin[if possible] ? I don't think its necessary. If your really paranoid you can change the session var every page change/refresh but even that is overkill most of the time. Link to comment https://forums.phpfreaks.com/topic/76897-solved-quick-php-security-help/#findComment-389344 Share on other sites More sharing options...
L Posted November 11, 2007 Share Posted November 11, 2007 Sweet thanks a lot! Link to comment https://forums.phpfreaks.com/topic/76897-solved-quick-php-security-help/#findComment-389440 Share on other sites More sharing options...
elis Posted November 13, 2007 Author Share Posted November 13, 2007 If you are putting a string into a database and don't accept html <?php $value = mysql_real_escape_string(strip_tags(trim($_POST['value']) ) ); ?> How you validate and sanitize really depends on what, where and how you are using the data. If you don't accept html you might want to tell the user <?php if(strip_tags($_POST['value']) != $_POST['value']) { echo 'error message'; //redisplay form exit(); } ?> Yes validate drop down, checkboxs anything from post, get, cookie or request data. If you have a radio form you could use an array to validate <?php $good_radio_input = array('yes','no', 'maybe so'); if(!in_array($_POST['value']) ) { //do error handling } ?> Okay, thank you. I'll add the bottom code in for radio boxes and so fourth. So the top code should suffice for all the $_post[value]? Link to comment https://forums.phpfreaks.com/topic/76897-solved-quick-php-security-help/#findComment-390381 Share on other sites More sharing options...
elis Posted November 13, 2007 Author Share Posted November 13, 2007 anyone? Link to comment https://forums.phpfreaks.com/topic/76897-solved-quick-php-security-help/#findComment-391000 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.