bhavsarpr

 Profile Answers by bhavsarpr 

• Jun 9th, 2009

 

Following things can be done for preventing your PHP Form from Hijacking

1. Make register_globals to off to prevent Form Injection with malicious data.
2. Make Error_reporting to E_ALL so that all variables will be intialized before using them.
3. Make practice of using htmlentities(), strip_tags(), utf8_decode() and addslashes()  for filtering malicious data in php
4. Make practice of using mysql_escape_string() in mysql.

 Please let me know if anyone has something more to add in this.

d4deepikajain

 Profile Answers by d4deepikajain 

• Jul 13th, 2009

 

Few more coding practices can be done to avoid PP Form Hijacking

1. User Input Sanitization-Never trust web user submitted data. Follow good clieint side data validation practices with regular expressions before submitting data to the server.
2. Form Submision Key Validation: A singleton method can be used to generate a Session form key & validating form being submitted for the same value against hidden form key params.
3. SQL injection attacks by using mysql_escape_string()
   
   
   

rubin2008

 Profile Answers by rubin2008 Questions by rubin2008

• May 16th, 2010

 

To prevent form hijacking
(1) Escape data which is being passed into sql query using mysql_real_escape_string() function.
(2) Also input data must be filtered before being passed into sql query using proper validation methods and use of htmlentities() function