If you are concerned about vulnerabilities in your PHP code, pertaining to your website or web application; regarding form handling or other dynamic data transfer, you should be — Below is a list of 8 safety tips and approaches for more secure PHP web form handling and data transferring.
1.) Use HTTPS (HTTP + Transport Layer Security).
2.) Avoid use of third-party APIs when handling a sensitive form.
3.) Don’t declare POST or GET in HTML mark-up (attach method via external PHP/JS file).
4.) Validate what is being sent first; by creating something like a Form Key. (tutorial)
5.) Create randomized token sessions (How to Protect PHP Web Forms from Cross-Site Request Forgery (CSRF) Attacks)
7.) Explore other ways to write form validation and user sanitization (here’s a basic example)
9.) Write custom form validations with PHP and sanitize the data.