Welcome to WebmasterWorld Guest from 54.234.38.8

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Secure Form Security

     
7:37 am on Mar 2, 2012 (gmt 0)

Junior Member

5+ Year Member

joined:July 24, 2009
posts: 113
votes: 0


hi,

Guys, i have a form page and output page below and im seeking what is the best method security to secure my form from all kind of threats out there.


<form action="welcome.php" method="post">
Name: <input type="text" name="fname" />
Age: <input type="text" name="age" />
<input type="submit" />
</form>



Welcome <?php echo $_POST["fname"]; ?>!<br />
You are <?php echo $_POST["age"]; ?> years old.


Thanks
11:24 am on Mar 2, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Apr 30, 2007
posts:1394
votes: 0


You validate the input posted before you echo it. For instance age is expected to be an integer between 12-90. fname should be a string so you could verify it contains alphabetic chars between certain length limits. It then depends what your PHP code does with the values posted.