Safer approaches with PHP forms (8 security tips)


If you are concerned about vulnerabilities in your PHP code, pertaining to your website or web application; regarding form handling or other dynamic data transfer, you should be — Below is a list of 8 safety tips and approaches for more secure PHP web form handling and data transferring.

1.) Use HTTPS (HTTP + Transport Layer Security).

2.) Avoid use of third-party APIs when handling a sensitive form.

3.) Don’t declare POST or GET in HTML mark-up (attach method via external PHP/JS file).

4.) Validate what is being sent first; by creating something like a Form Key. (tutorial)

5.) Create randomized token sessions (How to Protect PHP Web Forms from Cross-Site Request Forgery (CSRF) Attacks)

7.) Explore other ways to write form validation and user sanitization (here’s a basic example)

8.) Check out this website; Survive The Deep End: PHP Security and this one; PHP Security Cheat Sheet

9.) Write custom form validations with PHP and sanitize the data.


Published by

admin

I’m Cameron Cashwell, I’ve been a Web Developer for 6+ years. I’m always on the look out for exciting new projects and ideas. Wanna work together? http://www.cdev.co/#request

Leave a Reply

Be the First to Comment!

Notify of
avatar
wpDiscuz