Backend Development

How to prevent form hijacking in PHP?

Submitted by greatlogix, , Thread ID: 18592

Thread Closed
22-02-2016, 03:38 PM
#1
Hello

How to prevent form hijacking in PHP?

RE: How to prevent form hijacking in PHP?

This post was last modified: 22-02-2016, 07:16 PM by Fragan
#2
Dont let Binladen enter to your site
Nah seriously , what do you mean by "Hijacking"? '-' Stealing data from your MYSQL db ?
[Image: ATWe5um.gif]

RE: How to prevent form hijacking in PHP?

#3
Check out this video. It is about cross-site request forgery, and how to protect against it.

RE: How to prevent form hijacking in PHP?

OP
#4
Thanks loldongs. Very helpful video.
1

RE: How to prevent form hijacking in PHP?

#5
Use mysqli_real_escape_string() or trim()

and sprinf() at mysql queries.

RE: How to prevent form hijacking in PHP?

#6
22-02-2016, 07:15 PM
Fragan Wrote:
Dont let Binladen enter to your site
Nah seriously , what do you mean by "Hijacking"? '-' Stealing data from your MYSQL db ?

Imagine him getting into your server and being like:

"It's going down!!!"

RE: How to prevent form hijacking in PHP?

#7
Anything outside your server is outside your control. You must define what you want to let in at the border of your server, and not in the browser.

RE: How to prevent form hijacking in PHP?

#8
sanitise all tags using strip_tags and htmlentities functions and sure PDO for the mysql connection.

RE: How to prevent form hijacking in PHP?

#9
you mean sql injection or xss?
make escape for all data that you insert to db

RE: How to prevent form hijacking in PHP?

This post was last modified: 05-08-2017, 02:45 AM by dev
#10
Sanitize inputs by using the trim($string) function to strip leading and trailing whitespace and the html_special_chars($string) function to escape HTML special characters by converting to HTML entities.
PHP Code:
$input html_special_chars(trim($_POST['input'])); 
And,properly escape the string using mysql_real_escape_string before substituting into your SQL query.

Users browsing this thread: