AAA

Reputation: 3168

Preventing security risk from web forms

I have always wondered: when you do web forms on your website, whether it is a sign-up form or a search field, you give away your field name, so is that a security risk or not? What's the best way to prevent that?

E.g.: <input name="person_name">

Upvotes: 0

Views: 258

Answers (2)

Jonas Høgh

Reputation: 10874

Please don't try to prevent SQL injection attacks by escaping characters. Use the PDO API to create parameterized queries. See the PDO manual on Prepared Statements.

Not using the same database column names and HTML form field names is security by obscurity at best.

Upvotes: 1
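
The parameterized queries recommended in the answer above, shown as an added example that is not part of the original answer. The `people` table, the function names and the sample submissions are assumptions made for illustration; `person_name` is the field from the question. The field name is visible in both versions, and only the handling of the submitted value differs.

```php
<?php
declare(strict_types=1);

// In-memory SQLite so the example runs offline (needs the pdo_sqlite extension).
// The table name "people" is an assumption for this example.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, person_name TEXT NOT NULL)');

// Insert with a bound parameter: the value travels separately from the SQL text.
function insertPerson(PDO $pdo, array $form): void
{
    $stmt = $pdo->prepare('INSERT INTO people (person_name) VALUES (:person_name)');
    $stmt->execute([':person_name' => (string)($form['person_name'] ?? '')]);
}

// "Before" version: the submitted value is concatenated into the SQL text,
// so a quote character in the value changes the query itself.
function findByNameUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT id, person_name FROM people WHERE person_name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Parameterized version: the value is only ever compared as data.
function findByName(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, person_name FROM people WHERE person_name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample submissions standing in for $_POST.
insertPerson($pdo, ['person_name' => 'Alice']);
insertPerson($pdo, ['person_name' => "O'Brien"]); // quote needs no escaping

// Constructed value containing SQL syntax.
$crafted = "x' OR '1'='1";

// The concatenated query matches every row; the bound query matches none,
// because no stored name equals the crafted string.
printf("concatenated: %d row(s)\n", count(findByNameUnsafe($pdo, $crafted)));
printf("bound:        %d row(s)\n", count(findByName($pdo, $crafted)));
printf("O'Brien:      %d row(s)\n", count(findByName($pdo, "O'Brien")));
```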

alex

Reputation: 490333

It is not a security risk; it is just a name that becomes the key part in the params.

Upvotes: 1
