Security for POST Data in PHP

$_POST
POST-method variables. Form field data from regular POST-method forms.

PHP automatically creates variables for all the data it receives in an HTTP request. This can include GET data, POST data, cookie data, and environment variables. The variables are either in PHP's global symbol table or in one of a number of superglobal arrays, depending on the value of the register_globals setting in your php.ini file.

mysqli_real_escape_string can be added for security reasons.
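One way to apply mysqli_real_escape_string to a $_POST value, next to the same lookup done with a prepared statement. This is an added example, not code from the original post; the connection details, the users table, the name field and the function names are all placeholders.

```php
<?php
// Added example. Connection details and the `users` table are placeholders.

function open_db(): mysqli
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
    // Escaping depends on the connection character set, so set it explicitly.
    $db->set_charset('utf8mb4');
    return $db;
}

// Returns the POST field as a string, or null if it is missing or not a string
// (a field sent as name[]=x arrives in $_POST as an array).
function post_string(array $post, string $key): ?string
{
    $value = $post[$key] ?? null;
    return is_string($value) ? $value : null;
}

function find_user_escaped(mysqli $db, string $name): ?array
{
    // The escaped value is only safe inside a quoted SQL string literal.
    $safe = mysqli_real_escape_string($db, $name);
    $result = mysqli_query($db, "SELECT id, name FROM users WHERE name = '$safe'");
    return mysqli_fetch_assoc($result) ?: null;
}

function find_user_prepared(mysqli $db, string $name): ?array
{
    // Bound parameters travel separately from the SQL text.
    // get_result() needs the mysqlnd driver.
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $name = post_string($_POST, 'name');
    if ($name !== null) {
        $user = find_user_escaped(open_db(), $name);
    }
}
```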

A common error people make when using sessions is that they tend to use them as a replacement for authentication -- or sometimes as an add-on to authentication. Authenticating a user once as he first enters your site and then using a session ID to identify that user throughout the rest of the site without further authentication can lead to a lot of problems if another person is somehow able to get the session ID. There are a number of ways to get the session ID:
  • If you are not using SSL, session IDs may be sniffed
  • If you don't have proper entropy in your session IDs, they may be guessed
  • If you are using URL-based session IDs, they may end up in proxy logs
  • If you are using URL-based session IDs, they may end up bookmarked on publicly-accessible computers
Forcing HTTP Authentication on each page over SSL is the most secure way to avoid this problem, but it tends to be a bit inconvenient. Just keep the above points in mind when building a web application that uses sessions to store users' personal details.
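A session setup that addresses the points listed above: the ID is kept out of URLs, the cookie is sent only over SSL, and sensitive pages can ask for fresh authentication. This is an added example, not code from the original post; the function names, the user_id and auth_time keys and the 15-minute window are assumptions, and the array form of session_set_cookie_params needs PHP 7.3 or later.

```php
<?php
// Added example; call start_hardened_session() before any output is sent.

function start_hardened_session(): void
{
    // Keep the ID out of URLs so it cannot land in proxy logs or bookmarks.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse session IDs that this server did not issue.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // only sent over SSL/TLS, so it cannot be sniffed
        'httponly' => true,    // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    // IDs come from PHP's own generator; do not replace them with
    // home-made values that may lack entropy.
    session_start();
}

function log_in(int $userId): void
{
    // Issue a fresh ID at login so an ID seen before login is useless.
    session_regenerate_id(true);
    $_SESSION['user_id']   = $userId;
    $_SESSION['auth_time'] = time();
}

// True only if the user authenticated within the last $maxAge seconds.
// Pages showing personal details can ask for the password again otherwise.
function has_recent_auth(int $maxAge = 900): bool
{
    return isset($_SESSION['user_id'], $_SESSION['auth_time'])
        && (time() - $_SESSION['auth_time']) <= $maxAge;
}

function log_out(): void
{
    $_SESSION = [];
    session_destroy();
}
```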
