GeekInterview.com
  I am new, Sign me up!
 
GeekInterview.com  >  Interview Questions  >  Programming  >  PHP
Go To First  |  Previous Question  |  Next Question 
 PHP  |  Question 72 of 74    Print  
PHP Form Hijacking
How to prevent form hijacking in PHP?


  
Total Answers and Comments: 2 Last Update: July 14, 2009     Asked by: sanjay.nayal 
  
 Sponsored Links

 
 Best Rated Answer
Submitted by: bhavsarpr
 

Following things can be done for preventing your PHP Form from Hijacking

1. Make register_globals to off to prevent Form Injection with malicious data.
2. Make Error_reporting to E_ALL so that all variables will be intialized before using them.
3. Make practice of using htmlentities(), strip_tags(), utf8_decode() and addslashes()  for filtering malicious data in php
4. Make practice of using mysql_escape_string() in mysql.

 Please let me know if anyone has something more to add in this.



Above answer was rated as good by the following members:
rcoder, rishish
June 09, 2009 03:00:16   #1  
bhavsarpr Member Since: June 2009   Contribution: 6    
RE: PHP Form Hijacking

Following things can be done for preventing your PHP Form from Hijacking

1. Make register_globals to off to prevent Form Injection with malicious data.
2. Make Error_reporting to E_ALL so that all variables will be intialized before using them.
3. Make practice of using htmlentities() strip_tags() utf8_decode() and addslashes() for filtering malicious data in php
4. Make practice of using mysql_escape_string() in mysql.

Please let me know if anyone has something more to add in this.


 
Is this answer useful? Yes | NoAnswer is useful 2   Answer is not useful 0Overall Rating: +2    
July 13, 2009 12:22:42   #2  
d4deepikajain Member Since: July 2009   Contribution: 1    
RE: PHP Form Hijacking

Few more coding practices can be done to avoid PP Form Hijacking

  1. User Input Sanitization-Never trust web user submitted data. Follow good clieint side data validation practices with regular expressions before submitting data to the server.
  2. Form Submision Key Validation: A singleton method can be used to generate a Session form key & validating form being submitted for the same value against hidden form key params.
  3. SQL injection attacks by using mysql_escape_string()



 
Is this answer useful? Yes | No

 Related Questions

Latest Answer :  A form in Javascript can be submitted using document.formname.submit(); Other functions like PHP's header("location :$url");  is transfering control from one page to another. It is not submitting form. In Javascript, ...
How can we submit a form without a submit button? 
Latest Answer : You can use anchor tag ...
Read Answers (4) | Asked by : eselwyn
Can you submit a form without using submit button? If Yes, How? 
Latest Answer : If you want to use javascript to submit following answers are good but it you want to submit for without using javascript just use  this will work same as submit button. ...
How to prevent form hijacking in PHP? 
Latest Answer : Few more coding practices can be done to avoid PP Form HijackingUser Input Sanitization-Never trust web user submitted data. Follow good clieint side data validation practices with regular expressions before submitting data to the server.Form Submision ...

 Sponsored Links

 
Related Articles

Concepts of Object-Oriented Programming

Object Oriented JavaScript In this chapter you ll learn about OOP Object Oriented Programming and how it relates to JavaScript As an ASP NET developer you probably have some experience working with objects and you may even be familiar with concepts such as inheritance However unless you re already a
 

SQL Programming

SQL Programming Overview Anybody who has done something for a long time has probably wanted to change how things work at some point or another. A worker at a mill might have found a more efficient way of cutting logs, or a mathematics teacher might have had a hand in changing a school’s al
 

The Interview Snafu

How to turn someone else’s mistake to your advantage Your dream job is about to become reality. A recruiter gave you the heads up about the perfect position at Humungous Conglomerate, Inc. You went through five interviews as well as a battery of psychological tests mandated by their HR de
 

Winning a Job Interview with a Winning Resume

Does your resume unlock your potential, take your skills to the highest level and win you the interview and the job you want now? The job market today is highly competitive and even if you think you have what it takes to get an interview you won’t get over the line without a polished, prof
 

WinRunner Programming Concepts

If you want to create WinRunner scripts that are highly efficient, there are important programming concepts that you will want to become familiar with. Understanding these concepts will provide you with a large number of key benefits. In addition to understanding these concepts, you must also learn
 

Programming Languages Certification

IT Certification programs have several options that will offer you the best knowledge.  By learning everything that you need to know about information technology you will be able to open new doors to your career and personal business desires.  IT Certification offers several vari
 

Neuro-linguistic Programming Methods

Neuro linguistic Programming Methods There are several methods used for performing Neuro linguistic Programming on an individual for obtaining insights into the psyche of the person in order to correct to modify certain patterns of behavior These techniques are also used for Neuro linguistic trainin
 

Importance of Proper English during Job Interview

Importance of Proper English during Job Interview Your job interview is crucially important and it will determine whether or not you will get the job Depending on the type of job you re going for it is very important for you to use proper English In most cases jobs which offer higher salaries will h
 

The Difficult Past of Neuro-linguistic programming

The Difficult Past of Neuro linguistic programming Neuro linguistic programming has had a rocky past with a number of lawsuits rivalry unsystematic development and intermittent progress During the 1980s the two founders separated after the lawsuit filed by Bandler Bandler went on to file several law
 

History of Neuro Linguistic Programming (NLP)

History of Neuro linguistic programming Neuro Linguistic Programming NLP is a system co founded by John Grinder and Richard Bandler for bringing about personal development in any individual by interpreting and translating the human perception experience beliefs and language It was developed in early
 

About Us -  Privacy Policy -  Terms and Conditions -  Contact -  Ask Question -  Propose Category -  Site Updates 

Copyright © 2005 - 2009 GeekInterview.com. All Rights Reserved

Page copy protected against web site content infringement by Copyscape