|
Posted by J.O. Aho on 04/03/07 16:55
Jerim79 wrote:
> When I started learning PHP, my boss would pipe in with certain things
> he wanted me to do on all forms. For instance, coding it so that no
> one could access the PHP pages directly, because they are forms and
> you don't want someone going directly to the middle of a form
> sequence. I was also able to learn to always convert gobal variables
> to local variables, as well as how to handle SQL insertion. These are
> things that should normally be done on most sites. I am wondering if
> there are any more of these types of tips. It is hard to learn
> something that you aren't even aware of existing. A website would be
> most helpful. I am just looking for certain things, as mentioned
> above, that should generally be utilized. Any other "best practice"
> tips?
>
Look for header injection in mail(), this is quite common trait by spammers to
use e-mail forms to send spam anonymously.
--
//Aho
[Back to original message]
|