How to prevent form hijacking in PHP?

by greatlogix - 22-02-2016, 03:38 PM
#1
OP
Posted: 22-02-2016, 03:38 PM
Hello

How to prevent form hijacking in PHP?
#2
Posted: 22-02-2016, 07:15 PM (This post was last modified: 22-02-2016, 07:16 PM by Fragan.)
Don't let Binladen enter your site
Nah, seriously, what do you mean by "Hijacking"? '-' Stealing data from your MySQL DB?
#3
Posted: 23-02-2016, 07:19 AM
Check out this video. It is about cross-site request forgery, and how to protect against it.
#4
OP
Posted: 23-02-2016, 01:33 PM
Thanks loldongs. Very helpful video.
#5
Posted: 01-03-2016, 03:16 PM
Use mysqli_real_escape_string() or trim() and sprintf() in MySQL queries.
#6
Posted: 01-03-2016, 03:46 PM
(22-02-2016, 07:15 PM) Fragan Wrote: Don't let Binladen enter your site
Nah, seriously, what do you mean by "Hijacking"? '-' Stealing data from your MySQL DB?

Imagine him getting into your server and being like:

"It's going down!!!"
#7
Posted: 21-04-2017, 09:19 PM
Anything outside your server is outside your control. You must define what you want to let in at the border of your server, and not in the browser.
#8
Posted: 02-08-2017, 01:16 AM
Sanitise all tags using the strip_tags and htmlentities functions, and use PDO for the MySQL connection.
#9
Posted: 03-08-2017, 11:43 PM
You mean SQL injection or XSS?
Escape all data that you insert into the DB.
#10
Posted: 05-08-2017, 02:42 AM (This post was last modified: 05-08-2017, 02:45 AM by dev.)
Sanitize inputs by using the trim($string) function to strip leading and trailing whitespace and the htmlspecialchars($string) function to escape HTML special characters by converting them to HTML entities.
PHP Code:
// Trim surrounding whitespace, then convert HTML special characters to entities.
$input = htmlspecialchars(trim($_POST['input']));
And, properly escape the string using mysql_real_escape_string before substituting into your SQL query.
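Added example, not part of the thread or any poster's code: a server-side form handler that combines the measures raised above (a CSRF token as in post #3, checks on the server as in #7, PDO as in #8, HTML escaping on output as in #10). The `comments` table, the `csrf` and `input` field names and the function names are assumptions for illustration; an in-memory SQLite database and plain arrays stand in for MySQL, `$_SESSION` and `$_POST`.

```php
<?php
declare(strict_types=1);
// Added example; table, field and function names are hypothetical.

// Issue one random token per session; the form carries it in a hidden field.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Constant-time comparison of the submitted token with the session copy.
function csrf_valid(array $session, array $post): bool {
    return isset($session['csrf'], $post['csrf'])
        && is_string($post['csrf'])
        && hash_equals($session['csrf'], $post['csrf']);
}

// Reject posts without a valid token, validate on the server, store via a bound parameter.
function handle_comment(PDO $db, array $session, array $post): string {
    if (!csrf_valid($session, $post)) {
        return 'rejected: bad CSRF token';
    }
    $text = isset($post['input']) && is_string($post['input']) ? trim($post['input']) : '';
    if ($text === '' || strlen($text) > 500) {
        return 'rejected: invalid input';
    }
    // The raw text is stored as data; the prepared statement keeps it out of the SQL.
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $text]);
    // Escape only at the point where the value is written into HTML.
    return 'stored: ' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed demo data: fake session and POST arrays, in-memory SQLite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');
$session = [];
$token = csrf_token($session);
$sample = "<b>hi</b> from O'Brien";
echo handle_comment($db, $session, ['input' => $sample]), "\n";                    // no token
echo handle_comment($db, $session, ['csrf' => $token, 'input' => $sample]), "\n";  // with token
echo $db->query('SELECT COUNT(*) FROM comments')->fetchColumn(), " row(s) stored\n";
```

In a real page, pass `$_SESSION` and `$_POST` to these functions after `session_start()`.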