
Validating web site security

We know that `$_POST['email']` is supposed to hold an email address, so we check its format to make sure it actually is one.

PHP security isn’t just an option anymore; it’s a necessity.

Sites are hacked daily, and as you build a site using PHP, you need to know how to keep it safe from the bad guys.

Since we know that name is just a person's name and has no need for links or other markup (which is where malicious code would hide), we can strip every HTML tag from it.

So if a person were to submit Jerry wrapped in HTML tags, only the string 'Jerry' would be assigned to the variable.

As Master Yoda says, “Much to learn, you still have.” Validating user input is the first and one of the most important steps to securing your site.

Validating means verifying that the data coming into your script is the type of data you want, is in the correct format, and is the right length. Depending on what your script does with it, unvalidated data can take your site down, display bad information, give the bad guys a way to pull information about your users, and much more.
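The three checks named above (type, format, length), applied to the name and email fields discussed in this article. This is an added example written for this page, not code from the original article; the length limits and the sample submissions are assumptions chosen for the demonstration.

```php
<?php
// Added example, not from the original article: validate the two fields the
// form is expected to send. Each check is one of the three the text names:
// type (a string), format (tags stripped from name, e-mail syntax) and length.

declare(strict_types=1);

const NAME_MAX_LEN  = 64;   // assumed limit for this example
const EMAIL_MAX_LEN = 254;  // assumed limit; mail systems do not accept longer addresses

/**
 * Returns the cleaned name, or null when the value is not usable.
 * A name needs no HTML, so every tag is removed before the length is checked.
 */
function validateName($raw): ?string
{
    if (!is_string($raw)) {            // type: a missing field or a nested array is rejected
        return null;
    }
    $name = trim(strip_tags($raw));    // format: "<b>Jerry</b>" becomes "Jerry"
    if ($name === '' || strlen($name) > NAME_MAX_LEN) {   // length (bytes)
        return null;
    }
    return $name;
}

/**
 * Returns the e-mail address when it has valid syntax, otherwise null.
 */
function validateEmail($raw): ?string
{
    if (!is_string($raw)) {            // type
        return null;
    }
    $email = trim($raw);
    if (strlen($email) > EMAIL_MAX_LEN) {   // length
        return null;
    }
    // format: PHP's built-in e-mail syntax check; it returns false on failure.
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Constructed stand-in for $_POST: one clean submission and three hostile ones.
$submissions = [
    ['name' => 'Jerry',                          'email' => 'jerry@example.com'],
    ['name' => '<b>Jerry</b>',                   'email' => 'jerry@example.com'],
    ['name' => '<script>alert(1)</script>Jerry', 'email' => 'not-an-address'],
    ['name' => ['nested' => 'array'],            'email' => 'jerry@example.com'],
];

foreach ($submissions as $post) {
    $name  = validateName($post['name'] ?? null);
    $email = validateEmail($post['email'] ?? null);

    if ($name === null || $email === null) {
        echo "rejected: ", json_encode($post), "\n";
        continue;
    }
    echo "accepted: name={$name} email={$email}\n";
}
```

Two caveats worth keeping in mind. `strip_tags()` removes the tags but not the text between them, so the third submission would still come through as `alert(1)Jerry` if its email were valid; it is a filter on what you store, not a substitute for escaping with `htmlspecialchars()` when you echo the value back into a page. And `FILTER_VALIDATE_EMAIL` checks syntax only; it says nothing about whether the mailbox exists.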

For example, instead of looping through `$_POST`, read each field by name: `$_POST['name']` and `$_POST['email']`. That way the script accepts only the data it expects and ignores the rest.

Next, you need to know what the data is supposed to be.

Here's an example of the POST data sent to our script, as `print_r()` shows it: `Array ( [name] => 37 )`. This shows that we received exactly the field we asked for. But a hacker can add extra information to the request (such as an extra field), and if the script blindly uses everything that was posted, that extra data can corrupt your site.

For a form like this, I recommend reading each field by name, so you know you're only using what your script needs.
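The difference between looping over `$_POST` and naming each field, shown with an extra field appended to the request. This is an added example for this page, not code from the original article; the looping version assumes a script that copies every posted field into a variable (as `extract($_POST)` would), and the `is_admin` field is a constructed illustration of the "extra information" the text describes.

```php
<?php
// Added example, not from the original article. It contrasts two ways of
// reading a form submission. The loop is the pattern the text warns against:
// it turns every posted field into a variable, so a field the form never had
// (here "is_admin", constructed for the demo) lands in the script's state.
// The explicit version reads only the fields the script expects.

declare(strict_types=1);

// Constructed stand-in for $_POST: the two expected fields plus one an attacker appended.
$post = [
    'name'     => 'Jerry',
    'email'    => 'jerry@example.com',
    'is_admin' => '1',
];

// --- Unsafe: loop over everything that was posted --------------------------
function loadByLooping(array $post): array
{
    $is_admin = false;                 // the script's own default
    foreach ($post as $key => $value) {
        $$key = $value;                // the request decides which variables are written
    }                                  // (extract($post) would do the same thing)
    return ['name' => $name ?? null, 'email' => $email ?? null, 'is_admin' => $is_admin];
}

// --- Safe: name each field the script needs -------------------------------
function loadExplicitly(array $post): array
{
    $is_admin = false;                 // cannot be changed by the request
    $name  = $post['name']  ?? null;   // only the two fields the form has
    $email = $post['email'] ?? null;
    return ['name' => $name, 'email' => $email, 'is_admin' => $is_admin];
}

// --- Same idea for a form with many fields: keep an allow-list ------------
function pickFields(array $post, array $allowed): array
{
    // Everything not in $allowed is dropped before the script ever looks at it.
    return array_intersect_key($post, array_flip($allowed));
}

var_dump(loadByLooping($post)['is_admin']);          // string(1) "1": the posted value won
var_dump(loadExplicitly($post)['is_admin']);         // bool(false): extra field ignored
var_dump(pickFields($post, ['name', 'email']));      // only name and email remain
```

Naming fields explicitly, or filtering through an allow-list as `pickFields()` does, decides *which* data the script sees; the type, format and length checks still have to be applied to each field that gets through.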

The first step in validating your data is knowing what data should come in.