Reputation: 12183
Bare minimum to secure a PHP form
There are a lot of 'secure PHP form' questions out there, but I wasn't able to find a simple definitive 'bare-minimum needed' answer.
How would I go about making a form 100% safe? Is it as simple as running a function on the output like so:
$text = $_POST['text'];
$text = doThisToMakeSafe($text);
or are there other ways someone can get malicious access via a form without submitting?
Ideally, I'd like a snippet of code I can throw into all forms so that I never have to worry about any security issues. Is this possible?
Upvotes: 0
Views: 144
Answers (3)
Reputation: 59987
John, depends on what you are going to do with the value.
Most of the questions are able to prevent SQL injection. You should look up validation
Upvotes: 0
Reputation: 4209
Context aware validation is a part of making any field secure, so, what you're asking for is impossible on this premise alone.
Upvotes: 0
Reputation: 197564
Ideally, I'd like a snippet of code I can throw into all forms so that I never have to worry about any security issues. Is this possible?
No. It's that easy to answer. What you are looking for is not possible.
You can create a form abstraction that is just taking values and the form abstraction knows enough about how to create the output to take care about everything needed in a common place, however, the other way round is not possible - the way with calling a function on some data that passes on along.
Upvotes: 3
Related Questions
- How do I secure PHP forms?
- form submit security with php
- How to protect form data on my site?
- Basic form security
- How to add security to a php form
- How could I make this PHP $_POST more secure? -Or is it secure already?
- PHP security forms _POST
- Form Security & PHP?
- How to secure this PHP form
- PHP secure form