Best Practices

When I started learning PHP, my boss would pipe in with certain things
he wanted me to do on all forms. For instance, coding it so that no
one could access the PHP pages directly, because they are forms and
you don't want someone going directly to the middle of a form
sequence. I was also able to learn to always convert global variables
to local variables, as well as how to handle SQL insertion. These are
things that should normally be done on most sites. I am wondering if
there are any more of these types of tips. It is hard to learn
something that you aren't even aware of existing. A website would be
most helpful. I am just looking for certain things, as mentioned
above, that should generally be utilized. Any other "best practice"
tips?
mylek [ Tue, 03 April 2007 15:35 ] [ ID #1677559 ]

Re: Best Practices

Jerim79 wrote:
> When I started learning PHP, my boss would pipe in with certain things
> he wanted me to do on all forms. For instance, coding it so that no
> one could access the PHP pages directly, because they are forms and
> you don't want someone going directly to the middle of a form
> sequence. I was also able to learn to always convert global variables
> to local variables, as well as how to handle SQL insertion. These are
> things that should normally be done on most sites. I am wondering if
> there are any more of these types of tips. It is hard to learn
> something that you aren't even aware of existing. A website would be
> most helpful. I am just looking for certain things, as mentioned
> above, that should generally be utilized. Any other "best practice"
> tips?
>

Look for header injection in mail(); it is quite a common trait of spammers to
use e-mail forms to send spam anonymously.

--

//Aho
Shion [ Tue, 03 April 2007 18:55 ] [ ID #1677562 ]
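
An added example, not part of the original posts: one way to guard a contact form against the mail() header injection mentioned above. The form field names, the addresses and the helper names has_line_break() and prepare_mail() are assumptions made for illustration.

```php
<?php
// Added example: field names and addresses below are assumptions.

const SITE_FROM = 'webform@example.com';   // fixed sender, never user-supplied
const SITE_TO   = 'owner@example.com';     // fixed recipient

// True if the value contains CR or LF, which would end the current
// header line and let the submitter start a new one (Bcc:, Cc:, ...).
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns [to, subject, body, headers] for mail(), or null if rejected.
function prepare_mail(array $form): ?array
{
    $email   = (string)($form['email'] ?? '');
    $subject = (string)($form['subject'] ?? '');
    $body    = (string)($form['message'] ?? '');

    // Anything that ends up in a header must be a single line.
    foreach ([$email, $subject] as $field) {
        if (has_line_break($field)) {
            return null;
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // The submitter's address goes only into Reply-To; From stays fixed.
    $headers = 'From: ' . SITE_FROM . "\r\n" . 'Reply-To: ' . $email;
    return [SITE_TO, $subject, $body, $headers];
}

// Constructed sample submissions (not real traffic).
$samples = [
    ['email' => 'ann@example.com', 'subject' => 'Hi', 'message' => 'Hello'],
    ['email' => "bob@example.com\r\nBcc: list@example.org", 'subject' => 'Hi', 'message' => 'x'],
];
foreach ($samples as $form) {
    $mail = prepare_mail($form);
    echo $mail === null ? "rejected\n" : "accepted\n";
    // On acceptance the real handler would call: mail(...$mail);
}
```

The message body is not checked for line breaks because it is passed as mail()'s message argument, not as a header.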

Re: Best Practices

Post removed (X-No-Archive: yes)
Notifier Deamon [ Fri, 06 April 2007 20:08 ] [ ID #1680652 ]