
Smashing Magazine:
Keeping Web Users Safe By Sanitizing Input Data
January 12, 2011 @ 12:49:13

On the Smashing Magazine site today Phillip Tellis has a new article advocating a common thread in PHP application development (really, any application development) - sanitizing user input to help keep you and your application's users safe.

In this article, I'm joined by my colleague Peter (evilops) Ellehauge in looking at input filtering in more depth while picking on a few real examples that we've seen around the web. As you'll see from the examples below, insufficient input validation can result in various kinds of code injection including XSS, and in some cases can be used to phish user credentials or spread malware.

Several examples are included showing things like unfiltered use of PHP's superglobals, incorrectly quoted HTML attributes and some commonly overlooked areas like title tag injection and JavaScript analytics handling. They also talk about the different contexts the data might need to be filtered for - HTML, attributes, URLs, JavaScript, CSS and others - since the escaping that is correct for one context is not sufficient for another.
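As an added example (not code from the Smashing Magazine article or from Phillip Tellis), the snippet below shows how the contexts listed above map to different escaping calls in PHP; the helper names and the sample input are constructed for this illustration, and the title tag is included because it is one of the spots the article singles out as easy to forget.

```php
<?php
declare(strict_types=1);

// Untrusted input, constructed for this example (think $_GET['q']).
$input = '"><script>alert(1)</script><a href="javascript:alert(2)">x';

// HTML body and HTML attribute context: encode the five significant
// characters. ENT_QUOTES covers single quotes too, so the value is safe in
// either quote style, but the attribute must still be quoted in the markup.
function esc_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// URL query-string context: percent-encode so the value cannot add new
// parameters or break out of the query. The result still needs esc_html()
// when the whole URL is placed in an HTML attribute.
function esc_url_param(string $s): string {
    return rawurlencode($s);
}

// href/src context: only allow http(s) URLs, so a javascript: scheme is dropped.
function safe_href(string $url): string {
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!in_array(strtolower((string) $scheme), ['http', 'https'], true)) {
        return '#';
    }
    return esc_html($url);
}

// JavaScript context: json_encode with the HEX flags turns <, >, &, ' and "
// into \uXXXX escapes, so the literal cannot close the <script> block.
function esc_js(string $s): string {
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Title tag context: same rule as the HTML body; the point is not to skip it.
echo '<title>Search: ' . esc_html($input) . "</title>\n";
echo '<p>You searched for ' . esc_html($input) . "</p>\n";
echo '<input type="text" name="q" value="' . esc_html($input) . "\">\n";
echo '<a href="/search?q=' . esc_html(esc_url_param($input)) . "\">again</a>\n";
echo '<a href="' . safe_href($input) . "\">link</a>\n";
echo '<script>var query = ' . esc_js($input) . ";</script>\n";
```

Run it from the command line and compare the six output lines: the same input is rendered differently in each context, and none of the renderings lets the script tag or the javascript: URL through.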


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework