Posted by J.O. Aho on 04/03/07 16:55
Jerim79 wrote:
> When I started learning PHP, my boss would pipe in with certain things
> he wanted me to do on all forms. For instance, coding it so that no
> one could access the PHP pages directly, because they are forms and
> you don't want someone going directly to the middle of a form
> sequence. I was also able to learn to always convert global variables
> to local variables, as well as how to handle SQL insertion. These are
> things that should normally be done on most sites. I am wondering if
> there are any more of these types of tips. It is hard to learn
> something that you aren't even aware of existing. A website would be
> most helpful. I am just looking for certain things, as mentioned
> above, that should generally be utilized. Any other "best practice"
> tips?
>
Look for header injection in mail(); it is quite a common trait of spammers to
use e-mail forms to send spam anonymously.
--
//Aho
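
The header-injection check mentioned above, as an added example that is not part of the original post: form values are refused if they contain CR, LF or NUL before they reach mail(). The function names, addresses and sample submissions are constructed for illustration.

```php
<?php
// Added example; helper names, addresses and inputs are constructed.

// True when the value cannot start a new header line (no CR, LF or NUL).
function is_header_safe(string $value): bool
{
    return preg_match('/[\r\n\x00]/', $value) === 0;
}

// Build the additional headers for a contact form, or return null when a
// user-supplied value would change the header structure.
function build_contact_headers(string $replyTo, string $subject): ?string
{
    if (!is_header_safe($replyTo) || !is_header_safe($subject)) {
        return null;
    }
    if (filter_var($replyTo, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // From is fixed to the site's own address; the visitor's address is
    // only used in Reply-To, after validation.
    return "From: webform@example.com\r\nReply-To: {$replyTo}";
}

function send_contact_mail(string $replyTo, string $subject, string $body): bool
{
    $headers = build_contact_headers($replyTo, $subject);
    if ($headers === null) {
        return false; // refuse instead of trying to "clean" the value
    }
    return mail('owner@example.com', $subject, $body, $headers);
}

// Constructed form submissions: the last two carry an extra header line.
$samples = [
    ['visitor@example.com', 'Question about opening hours'],
    ["visitor@example.com\r\nBcc: other@example.com", 'Hello'],
    ['visitor@example.com', "Hello\nBcc: other@example.com"],
];
foreach ($samples as [$replyTo, $subject]) {
    $ok = build_contact_headers($replyTo, $subject) !== null;
    echo ($ok ? 'accepted' : 'rejected'), ': ', json_encode($replyTo), "\n";
}
```

The subject is checked as well because mail() places it in the header block, not in the body.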