Request Dev Services »

theDevTip.com

Safer approaches with PHP forms (8 security tips)

If you are concerned about vulnerabilities in your PHP code, pertaining to your website or web application; regarding form handling or other dynamic data transfer, you should be — Below is a list of 8 safety tips and approaches for more secure PHP web form handling and data transferring.

1.) Use HTTPS (HTTP + Transport Layer Security).

2.) Avoid use of third-party APIs when handling a sensitive form.

3.) Don’t declare POST or GET in HTML mark-up (attach method via external PHP/JS file).

4.) Validate what is being sent first; by creating something like a Form Key. (tutorial)

5.) Create randomized token sessions (How to Protect PHP Web Forms from Cross-Site Request Forgery (CSRF) Attacks)

7.) Explore other ways to write form validation and user sanitization (here’s a basic example)

8.) Check out this website; Survive The Deep End: PHP Security and this one; PHP Security Cheat Sheet

9.) Write custom form validations with PHP and sanitize the data.

About the Author
Cameron Cashwell Web Developer
I build websites, web apps, and software. Wanna work together? Let's chat about your project!

Leave a Reply

avatar
  Subscribe  
Notify of