Review Stage

Discussion in 'PHP' started by oo7ml, May 3, 2013.

  1. #1
    Hi,

    I am close to launching a website that I have been working on for some time now and I plan on carrying out a significant review of security.

    I understand that one of the biggest areas of concern from a security point of view is how you handle user input (fields / forms etc.).

    I don't expect anyone to reply with tons of information on each, as the internet is full of help and advice, BUT the one downside of the internet is 'how up to date' the information is (I don't want to use / implement outdated practices) or the 'integrity' of the advice, especially in relation to this subject.

    So what are your key best practices for each of the following:

    1 - Validating Input

    2 - Sanitizing Input

    Thanks in advance for your help...
     
    oo7ml, May 3, 2013 IP
  2. #2
    This kind of question has many answers and developers have their own principles.

    Validating input is clearly important, as a corrupt database (or however you store information) is flawed. Checking for integers when they should be integers, strings for strings etc. is one way. You can only apply so much validation though; sometimes bad data is stored, but there is not much you can do about that.

    In terms of security you need to use something like PDO for your SQL work (if you're using SQL) and make sure you escape all HTML code to prevent cross-site scripting.

    Please remember that it is not possible to make something 100% secure; you can of course make something 99% secure. The fact that you allow users to send data, modify data etc. pretty much means it can be broken.
     
    HuggyStudios, May 3, 2013 IP
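
The three points raised in this thread (validate on the way in, use PDO prepared statements for the SQL, escape on the way out) put together in one runnable PHP script. This is an added example, not code posted by either participant. It uses an in-memory SQLite database through PDO so it runs without a server; the `users` table, its columns, the `validate_signup` / `store_user` / `render_user` function names and the sample submissions are all made up for the illustration.

```php
<?php
// Added example (not from the thread): validate input, parameterize SQL with
// PDO, and escape at output time. Table, columns and sample input are
// constructed for this demonstration.

function validate_signup(array $input): array
{
    $errors = [];
    $clean  = [];

    // Age must be an integer in a sensible range; filter_var returns false
    // for anything else ("7; DROP TABLE users" included).
    $age = filter_var($input['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors[] = 'age must be an integer between 13 and 120';
    } else {
        $clean['age'] = $age;
    }

    $email = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'email is not valid';
    } else {
        $clean['email'] = $email;
    }

    // Display name: allow-list the characters and bound the length instead of
    // trying to strip "bad" characters out of arbitrary input.
    $name = trim((string)($input['name'] ?? ''));
    if (!preg_match('/\A[\p{L}\p{N} _.\'-]{2,40}\z/u', $name)) {
        $errors[] = 'name must be 2-40 letters, digits, spaces or _ . \' -';
    } else {
        $clean['name'] = $name;
    }

    // Role must be one of a fixed set; a free-form value is never accepted.
    $role = $input['role'] ?? 'member';
    if (!in_array($role, ['member', 'moderator'], true)) {
        $errors[] = 'role is not recognised';
    } else {
        $clean['role'] = $role;
    }

    return [$clean, $errors];
}

function store_user(PDO $db, array $user): int
{
    // Prepared statement: the values travel separately from the SQL text, so
    // an apostrophe in a name is just data, not a quote terminator.
    $stmt = $db->prepare(
        'INSERT INTO users (name, email, age, role) VALUES (:name, :email, :age, :role)'
    );
    $stmt->execute([
        ':name'  => $user['name'],
        ':email' => $user['email'],
        ':age'   => $user['age'],
        ':role'  => $user['role'],
    ]);
    return (int)$db->lastInsertId();
}

function render_user(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT name, email, age FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>No such user.</p>';
    }
    // Escape at output time for the HTML context the value lands in. Data that
    // passed validation still needs this: O'Brien is a valid name.
    $h = fn($v) => htmlspecialchars((string)$v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return sprintf('<p>%s (%s), age %d</p>', $h($row['name']), $h($row['email']), $row['age']);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, age INTEGER, role TEXT)');

// Constructed sample submissions: two acceptable, one hostile.
$submissions = [
    ['name' => 'Alice',   'email' => 'alice@example.com',  'age' => '34', 'role' => 'member'],
    ['name' => "O'Brien", 'email' => 'obrien@example.com', 'age' => '29', 'role' => 'moderator'],
    ['name' => '<script>alert(1)</script>', 'email' => 'not-an-email',
     'age' => '7; DROP TABLE users', 'role' => 'admin'],
];

foreach ($submissions as $input) {
    [$clean, $errors] = validate_signup($input);
    if ($errors) {
        echo 'Rejected: ' . implode('; ', $errors) . "\n";
        continue;
    }
    echo render_user($db, store_user($db, $clean)) . "\n";
}
```

The second submission is the instructive one: the apostrophe in O'Brien passes validation, is stored safely because PDO binds it as a parameter, and then comes out of `htmlspecialchars` as `&#039;` so it cannot break out of an attribute or tag. Validation, parameterization and output escaping are three separate controls and none of them replaces the others. If the real database is MySQL rather than SQLite, also set `PDO::ATTR_EMULATE_PREPARES` to false so the placeholders are bound by the server rather than interpolated client-side.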