We take following steps to prevent form hijacking in php.
1. Make register_globals to off to prevent Form Injection with malicious data. 2. Make Error_reporting to E_ALL so that all variables will be intialized before using them. 3. Make practice of using htmlentities(), strip_tags(), utf8_decode() and addslashes() for filtering malicious data in php 4. SQL injection attacks by using mysql_escape_string(). 5. User Input Sanitization-Never trust web user submitted data. Follow good clieint side data validation practices with regular expressions before submitting data to the serve. 6. Form Submision Key Validation: A singleton method can be used to generate a Session form key & validating form being submitted for the same value against hidden form key params.
Liked By
Write Answer
How to prevent form hijacking in PHP?
Join MindStick Community
You have need login or register for voting of answers or question.
Anonymous User
13-Jun-2011We take following steps to prevent form hijacking in php.
1. Make register_globals to off to prevent Form Injection with malicious data.
2. Make Error_reporting to E_ALL so that all variables will be intialized before using them.
3. Make practice of using htmlentities(), strip_tags(), utf8_decode() and addslashes() for filtering malicious data in php
4. SQL injection attacks by using mysql_escape_string().
5. User Input Sanitization-Never trust web user submitted data. Follow good clieint side data validation practices with regular expressions before submitting data to the serve.
6. Form Submision Key Validation: A singleton method can be used to generate a Session form key & validating form being submitted for the same value against hidden form key params.