Secure form step by step


Secure form introduction

The “secure form step by step” project started after I finished the PHP security introduction document. The idea was to build one basic, secure form that shows in practice how the concepts described in the PHP security introduction document are applied.

Form basics

I show how to build a basic form in HTML and style it with CSS. Form submission techniques (GET versus POST) are also covered, and basic PHP form processing is explained with code examples.
XHTML is used for this secure form, so the HTML5 form features (input types, the required and pattern attributes) are not used for front-end checks. Front-end checks are done with JavaScript instead.

Validation and sanitizing

In this chapter, I explain how to do basic form validation in PHP. For example, I check that the form was sent with POST and that the submit button was actually pressed, and I check whether the form variables have been manipulated (fields added, removed or renamed in the request). I then validate each form field individually and make sure user input can never be executed as code.
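The checks described above, as an added example that is not code from the original document or its PDF: a contact form with the assumed fields name, email, message and a submit button called send. The expected-field whitelist catches requests whose structure has been tampered with, the type check catches the name[]=x trick, and the per-field rules use a strict whitelist where the field allows it. Nothing validated here is ever passed to eval(), include() or a shell; it is escaped at output time.

```php
<?php
// Added example (not from the original document). Field names are
// assumptions chosen for illustration.
declare(strict_types=1);

const EXPECTED_FIELDS = ['name', 'email', 'message', 'send'];

/**
 * Validate a submitted form. Returns a list of error messages; an empty
 * list means $clean holds the validated values.
 */
function validate_form(array $post, string $method, array &$clean): array
{
    $errors = [];
    $clean  = [];

    // 1. The form must be sent with POST and via its own submit button.
    if ($method !== 'POST' || !isset($post['send'])) {
        return ['Form must be submitted with POST via the send button.'];
    }

    // 2. The submitted field set must match what the form defines; extra or
    //    missing fields mean the request was not produced by our form.
    $unexpected = array_diff(array_keys($post), EXPECTED_FIELDS);
    $missing    = array_diff(EXPECTED_FIELDS, array_keys($post));
    if ($unexpected !== [] || $missing !== []) {
        return ['Unexpected form structure.'];
    }

    // 3. Every field must be a plain string, not an array (name[]=x).
    foreach (['name', 'email', 'message'] as $f) {
        if (!is_string($post[$f])) {
            return ['Invalid field type.'];
        }
    }

    // 4. Field-level rules: length limits, a character whitelist for the
    //    name, filter_var for the e-mail address.
    $name = trim($post['name']);
    if ($name === '' || mb_strlen($name) > 60
        || !preg_match('/^[\p{L} \'\-.]+$/u', $name)) {
        $errors[] = 'Name: 1-60 letters, spaces, apostrophes, hyphens or dots.';
    }

    $email = trim($post['email']);
    if (mb_strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'E-mail address is not valid.';
    }

    $message = str_replace("\r\n", "\n", trim($post['message']));
    if ($message === '' || mb_strlen($message) > 2000) {
        $errors[] = 'Message: 1-2000 characters.';
    }

    if ($errors === []) {
        // Validated values; they are escaped with htmlspecialchars() when
        // echoed and are never used as code, a file name or a command.
        $clean = ['name' => $name, 'email' => $email, 'message' => $message];
    }
    return $errors;
}

// Stand-alone demo with constructed input (not real traffic): an extra
// field rejects the whole request, a well-formed request is accepted.
$tampered = ['name' => 'Ada', 'email' => 'ada@example.com',
             'message' => 'Hi', 'send' => 'Send', 'admin' => '1'];
print_r(validate_form($tampered, 'POST', $clean));

$demo = ['name' => 'Ada Lovelace', 'email' => 'ada@example.com',
         'message' => 'Hello <script>alert(1)</script>', 'send' => 'Send'];
$errors = validate_form($demo, 'POST', $clean);
print_r($errors === [] ? $clean : $errors);
```

In a real request the arguments are $_POST and $_SERVER['REQUEST_METHOD']. Note that the message is accepted with its angle brackets: validation decides whether the input is acceptable, while output escaping (covered under common attacks below) decides how it is rendered.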

Validate with JavaScript

I use JavaScript to validate user input before the form is submitted, mainly to help and guide the user and avoid mistakes. This is a usability aid only: because it runs in the browser, it can be switched off or bypassed, so every check is repeated on the server.

Form specific security

Form specific security covers avoiding multiple submissions of the same form, preventing e-mail header injection through the form fields, and checking that the form is not being filled out by a robot.
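An added example of those three measures (not code from the original document or its PDF): a one-time token stored in the session so a refresh or double click cannot resubmit the form, a header-injection check on any value that ends up in a mail header, and two cheap robot checks (a honeypot field and a minimum fill-in time). The session keys form_token and form_time and the honeypot field name website are assumptions.

```php
<?php
// Added example (not from the original document). Session keys and the
// honeypot field name are assumptions chosen for illustration.
declare(strict_types=1);

session_start();

/** Issue a fresh one-time token when the form is rendered. */
function issue_form_token(): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['form_token'] = $token;
    $_SESSION['form_time']  = time();
    return $token;
}

/**
 * Consume the token on submission. It is removed whether or not it
 * matches, so the same form can be processed only once.
 */
function consume_form_token(?string $submitted): bool
{
    $stored = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']);
    return is_string($submitted) && is_string($stored)
        && hash_equals($stored, $submitted);
}

/** Reject any value that could add a line to an e-mail header. */
function has_header_injection(string $value): bool
{
    // CR, LF, NUL and their URL-encoded forms as sent by injection tools.
    return preg_match('/[\r\n\0]|%0[aAdD]/', $value) === 1;
}

/**
 * Robot checks: the honeypot field is hidden with CSS, so a human leaves
 * it empty; a form returned within a few seconds of being rendered was
 * almost certainly not typed by a person.
 */
function looks_like_robot(array $post, int $min_seconds = 3): bool
{
    if (($post['website'] ?? '') !== '') {
        return true;
    }
    $rendered = (int) ($_SESSION['form_time'] ?? 0);
    return (time() - $rendered) < $min_seconds;
}

/** Mail headers: the visitor's address goes into Reply-To, never From. */
function build_mail_headers(string $site_address, string $user_email): string
{
    if (has_header_injection($user_email)) {
        throw new InvalidArgumentException('Header injection attempt.');
    }
    return "From: {$site_address}\r\nReply-To: {$user_email}\r\n"
         . "Content-Type: text/plain; charset=UTF-8\r\n";
}

// Constructed demo; no mail is sent.
$token = issue_form_token();
$_SESSION['form_time'] -= 10;                 // pretend 10 s have passed
$post = ['email'   => "victim@example.com\r\nBcc: spam@example.net",
         'website' => '', 'form_token' => $token];

var_dump(consume_form_token($post['form_token']));   // first submission
var_dump(consume_form_token($post['form_token']));   // replayed submission
var_dump(has_header_injection($post['email']));
var_dump(looks_like_robot($post));
```

The token is rendered into the form as a hidden input and comes back in $_POST['form_token']. Because it is a random secret tied to the visitor's session, the same token also serves as the CSRF token discussed under common attacks.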

Environment security

Environment security focuses on personalising error messages (so that visitors never see raw PHP errors or file paths), on session security (HTTP and cookie settings) and on securing the web server. The web server measures are based on php.ini and .htaccess modifications.
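An added example (not code from the original document or its PDF) of the runtime side of these settings, placed at the top of the form script: errors are logged rather than displayed, the session cookie is restricted to HTTPS and kept away from JavaScript, unknown session IDs are rejected and the ID is regenerated on the first request. The log path is an assumption.

```php
<?php
// Added example (not from the original document). The log path is an
// assumption; the same directives can live in php.ini or, with
// php_flag/php_value under mod_php, in .htaccess.
declare(strict_types=1);

// 1. Error handling: nothing about the environment reaches the visitor.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', __DIR__ . '/../logs/php-error.log'); // assumed path
error_reporting(E_ALL);

set_error_handler(function (int $no, string $str, string $file, int $line): bool {
    error_log("[$no] $str in $file:$line");
    return true;                      // handled: suppress PHP's own output
});
set_exception_handler(function (Throwable $e): void {
    error_log(get_class($e) . ': ' . $e->getMessage());
    http_response_code(500);
    echo 'Something went wrong. Please try again later.';
});

// 2. Session hardening, applied before session_start().
ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
ini_set('session.use_only_cookies', '1');  // never accept the ID from the URL
ini_set('session.use_trans_sid', '0');
session_set_cookie_params([
    'lifetime' => 0,          // session cookie, removed when the browser closes
    'path'     => '/',
    'domain'   => '',
    'secure'   => true,       // sent over HTTPS only
    'httponly' => true,       // not readable from JavaScript
    'samesite' => 'Strict',   // not sent on cross-site requests
]);
session_start();

// 3. Fresh session ID on the first request of a session (anti-fixation).
if (empty($_SESSION['initialised'])) {
    session_regenerate_id(true);
    $_SESSION['initialised'] = true;
}

// 4. Response headers that do not depend on the form itself.
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
header('Referrer-Policy: strict-origin-when-cross-origin');
```

On the server side the corresponding php.ini settings are display_errors = Off, log_errors = On, expose_php = Off and allow_url_include = Off; in .htaccess, Options -Indexes stops directory listings, and the php_flag directives only take effect when PHP runs as an Apache module.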

Prevent common attacks

In this chapter, you learn how to protect the form against XSS, CSRF and SQL injection.
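An added example (not code from the original document or its PDF) showing the three protections side by side: output escaping for XSS, a constant-time comparison of the session token for CSRF, and a prepared statement for SQL injection, with the vulnerable string-concatenated query shown in a comment for contrast. The table and column names are assumptions, and the demo assumes the pdo_sqlite extension so it runs without a database server.

```php
<?php
// Added example (not from the original document). Table and column names
// are assumptions; the CSRF token is the one-time session token also used
// against double submission.
declare(strict_types=1);

/** XSS: escape every user-controlled value at output time, in HTML context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** CSRF: the form carries a secret that another site cannot read or guess. */
function csrf_token_is_valid(?string $submitted, ?string $stored): bool
{
    return is_string($submitted) && is_string($stored) && $stored !== ''
        && hash_equals($stored, $submitted);
}

/**
 * SQL injection: the query text is fixed and the values travel separately,
 * so a quote in the input can never change the statement.
 */
function store_message(PDO $db, string $name, string $email, string $message): int
{
    $stmt = $db->prepare(
        'INSERT INTO messages (name, email, message, created_at) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$name, $email, $message, date('Y-m-d H:i:s')]);
    return (int) $db->lastInsertId();
}

// Vulnerable counterpart, shown only for contrast. Never do this:
// $db->query("INSERT INTO messages (name) VALUES ('{$_POST['name']}')");

// Constructed demo with an in-memory SQLite database (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, name TEXT,
           email TEXT, message TEXT, created_at TEXT)');

$hostile = "Robert'); DROP TABLE messages; --";
store_message($db, $hostile, 'bob@example.com', '<img src=x onerror=alert(1)>');
$row = $db->query('SELECT name, message FROM messages')->fetch(PDO::FETCH_ASSOC);

// The payloads are stored literally and neutralised when echoed into HTML.
echo '<p>Thank you, ' . e($row['name']) . '</p>', PHP_EOL;
echo '<blockquote>' . e($row['message']) . '</blockquote>', PHP_EOL;

// CSRF check as it would run on submission, with constructed values.
$_SESSION = ['form_token' => bin2hex(random_bytes(32))];
var_dump(csrf_token_is_valid($_SESSION['form_token'], $_SESSION['form_token']));
var_dump(csrf_token_is_valid('forged', $_SESSION['form_token']));
```

With MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the database server, not the PHP driver, separates the statement from its parameters. The escaping in e() is correct only for text and attribute values in HTML; a value placed inside a JavaScript block or a URL needs context-specific encoding instead.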

If you want more information, you can download my PDF document for free: no e-mail address required, no marketing tricks. It is simply free. Click on the link above to start the download.
