Posted by Tom on 04/06/07 18:08

On 3 Apr 2007 06:35:56 -0700, Jerim79 wrote...
>
>When I started learning PHP, my boss would pipe in with certain things
>he wanted me to do on all forms. For instance, coding it so that no
>one could access the PHP pages directly, because they are forms and
>you don't want someone going directly to the middle of a form
>sequence. I was also able to learn to always convert gobal variables
>to local variables, as well as how to handle SQL insertion. These are
>things that should normally be done on most sites. I am wondering if
>there are any more of these types of tips. It is hard to learn
>something that you aren't even aware of existing. A website would be
>most helpful. I am just looking for certain things, as mentioned
>above, that should generally be utilized. Any other "best practice"
>tips?
>

Definitely analyze any form data. As an example if your form is going to send an
email somewhere, make sure someone isn't trying to add a Cc or Bcc header and
make your web page a vehicle for sending spam. Basically don't trust the data
being sent to you.

Tom
--
Newsguy.com
75+ Days Retention
Higher levels of article completion
Broader newsgroups coverage

[Back to original message]