Hello, I am beginner in PHP language and want to improve my knowledge about it. Can anyone give me solution from which I can able to prevent my php form from Hijacking. If anyone knows then please give me reply about the same.
Hello, I am beginner in PHP language and want to improve my knowledge about it. Can anyone give me solution from which I can able to prevent my php form from Hijacking. If anyone knows then please give me reply about the same.
You can prevent you PHP Form from Hijacking by the means of various ways as below:
1. You need to off the register_globals which will prevent injection of malicious code.
2. Error_reporting must be set to E_ALL so before using any variable it is needed to initialize it.
3. You can make use of the htmlentities(), strip_tags(), utf8_decode() and addslashes() for filtering Unauthorized data.
4. Use mysql_escape_string() in mysql.
You need to add the code below to stop the email injection:
Code:if ( preg_match( "/[\r\n]/", $name ) || preg_match( "/[\r\n]/", $email ) ) { //Error message }
use the steps below to Prevent PHP form Hijacking:
- You need to use the form processing which will able to find the submitted characters and then clear the spaces and breaks from the email headers.
- You need to review the data from the email.
- It is needed to use the script for data validation.
Follow the steps below to prevent PHP form Hijacking:
- Turn off the register_globals.
- Make E_ALL for Error_reporting.
- Make scripts for data validation and data verification.
- Make use of htmlentities(), strip_tags(), utf8_decode() and addslashes() as filters.
Prevent PHP Form Hijacking from the following:
User Input Sanitization:
You need to track the data from the user before submission.
Form Submision Key Validation:
You need to validate the submission key.
SQL injection attacks by using mysql_escape_string() :
Dont make use of the mysql_escape_string() to avoid the PHP Form Hijacking.
Bookmarks