How to prevent form hijacking in PHP?

Hello

How to prevent form hijacking in PHP?

Dont let Binladen enter to your site
Nah seriously , what do you mean by "Hijacking"? '-' Stealing data from your MYSQL db ?

Check out this video. It is about cross-site request forgery, and how to protect against it.

Thanks loldongs. Very helpful video.

Use mysqli_real_escape_string() or trim()

and sprinf() at mysql queries.

22-02-2016, 07:15 PM

Fragan Wrote: Dont let Binladen enter to your site
Nah seriously , what do you mean by "Hijacking"? '-' Stealing data from your MYSQL db ?

Imagine him getting into your server and being like:

"It's going down!!!"

Anything outside your server is outside your control. You must define what you want to let in at the border of your server, and not in the browser.

sanitise all tags using strip_tags and htmlentities functions and sure PDO for the mysql connection.

you mean sql injection or xss?
make escape for all data that you insert to db

Sanitize inputs by using the trim($string) function to strip leading and trailing whitespace and the html_special_chars($string) function to escape HTML special characters by converting to HTML entities.
And,properly escape the string using mysql_real_escape_string before substituting into your SQL query.