thomashw Posted March 23, 2008 Share Posted March 23, 2008 I'm trying to add a bit of security to my forms before I upload my website. I have 'htmlspecialchars() around all '$_POST's before adding them to the session. I'm also validating all required form fields to have a greater than zero string length. Obviously I could be doing more, so let me know what I should do! I have a book and I've been going through the security section, but any more input would be great. Link to comment https://forums.phpfreaks.com/topic/97450-security/ Share on other sites More sharing options...
p2grace Posted March 23, 2008 Share Posted March 23, 2008 You should always make them db safe as well. <?php $var = $_POST['var']; $var = trim(mysql_real_escape_string($var)); ?> Link to comment https://forums.phpfreaks.com/topic/97450-security/#findComment-498608 Share on other sites More sharing options...
thomashw Posted March 23, 2008 Author Share Posted March 23, 2008 Awesome, thank you. So with the trim, mysql_real_escape_string, and htmlspecialchars, I should be good? Link to comment https://forums.phpfreaks.com/topic/97450-security/#findComment-498619 Share on other sites More sharing options...
ohdang888 Posted March 23, 2008 Share Posted March 23, 2008 well, those damn hackers always find new ways, so you have to stay updated on newsletters, etc..... Link to comment https://forums.phpfreaks.com/topic/97450-security/#findComment-498622 Share on other sites More sharing options...
thomashw Posted March 23, 2008 Author Share Posted March 23, 2008 Okay, thanks guys. Link to comment https://forums.phpfreaks.com/topic/97450-security/#findComment-498634 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.