Prevent PHP Form Hijacking

[Henryosa]

Hello, I am beginner in PHP language and want to improve my knowledge about it. Can anyone give me solution from which I can able to prevent my php form from Hijacking. If anyone knows then please give me reply about the same.

[opaper]

You can prevent you PHP Form from Hijacking by the means of various ways as below:
1. You need to off the register_globals which will prevent injection of malicious code.
2. Error_reporting must be set to E_ALL so before using any variable it is needed to initialize it.
3. You can make use of the htmlentities(), strip_tags(), utf8_decode() and addslashes() for filtering Unauthorized data.
4. Use mysql_escape_string() in mysql.

[MindSpace]

You need to add the code below to stop the email injection:

Code:

if ( preg_match( "/[\r\n]/", $name ) || preg_match( "/[\r\n]/", $email ) ) {
//Error message
}

[Modifier]

use the steps below to Prevent PHP form Hijacking:

• You need to use the form processing which will able to find the submitted characters and then clear the spaces and breaks from the email headers.
• You need to review the data from the email.
• It is needed to use the script for data validation.

[Praetor]

Follow the steps below to prevent PHP form Hijacking:

• Turn off the register_globals.
• Make E_ALL for Error_reporting.
• Make scripts for data validation and data verification.
• Make use of htmlentities(), strip_tags(), utf8_decode() and addslashes() as filters.

[Katty]

Prevent PHP Form Hijacking from the following:

User Input Sanitization:
You need to track the data from the user before submission.
Form Submision Key Validation:
You need to validate the submission key.
SQL injection attacks by using mysql_escape_string() :
Dont make use of the mysql_escape_string() to avoid the PHP Form Hijacking.