Safer approaches with PHP forms (8 security tips)

If you are concerned about vulnerabilities in your PHP code, pertaining to your website or web application; regarding form handling or other dynamic data transfer, you should be — Below is a list of 8 safety tips and approaches for more secure PHP web form handling and data transferring.

1.) Use HTTPS (HTTP + Transport Layer Security).

2.) Avoid use of third-party APIs when handling a sensitive form.

3.) Don’t declare POST or GET in HTML mark-up (attach method via external PHP/JS file).

4.) Validate what is being sent first; by creating something like a Form Key. (tutorial)

5.) Create randomized token sessions (How to Protect PHP Web Forms from Cross-Site Request Forgery (CSRF) Attacks)

7.) Explore other ways to write form validation and user sanitization (here’s a basic example)

8.) Check out this website; Survive The Deep End: PHP Security and this one; PHP Security Cheat Sheet

9.) Write custom form validations with PHP and sanitize the data.

Published by


I’m Cameron Cashwell, I’ve been a Web Developer for 6+ years. I’m always on the look out for exciting new projects and ideas. Wanna work together?

Leave a Reply

Be the First to Comment!

Notify of