Home > DeveloperSection > Interviews > How to prevent form hijacking in PHP?

Posted on    June-13-2011 5:37 AM

 PHP PHP 
Ratings:
 1 Answer(s)
  1467  View(s)
Rate this:

Awadhendra Tiwari

Total Post:510

Points:2550
Posted on    June-13-2011 12:00 AM

We take following steps to prevent form hijacking in php.

1. Make register_globals to off to prevent Form Injection with malicious data.
2. Make Error_reporting to E_ALL so that all variables will be intialized before using them.
3. Make practice of using htmlentities(), strip_tags(), utf8_decode() and addslashes()  for filtering malicious data in php
4. SQL injection attacks by using mysql_escape_string().
5. User Input Sanitization-Never trust web user submitted data. Follow good clieint side data validation practices with regular expressions before submitting data to the serve.
6. Form Submision Key Validation: A singleton method can be used to generate a Session form key & validating form being submitted for the same value against hidden form key params.


Don't want to miss updates? Please click the below button!

Follow MindStick