Say you hired a programmer who didn't really know what he or she was doing, but could code just enough to get by as a "programmer". Say he or she didn't understand that you need to secure your variables, and left them unsecured. Do you know what happens next? Yes, you probably guessed: your website could be hacked, and most likely will be!
Hackers love to find exploits in code, and will abuse those exploits to gain access to the website. They find it fun to get in; they love the challenge and won't stop until they succeed. If you don't secure your variables, they will ultimately get into your website!
How do you secure your variables? The topic is really too big for one discussion, but I'll try to provide as much information as possible. Treat everything in $_POST, $_GET, $_COOKIE and any other request data as untrusted, and escape or parameterize it for the context you are about to use it in (a SQL query, an HTML page, and so on). The same goes for anything in $_SESSION that was originally filled from request data.
Escaping
For values that go into a MySQL query, the simplest fix is mysqli_real_escape_string (do not use the old mysql extension; it is deprecated as of PHP 5.5.0 and was removed in PHP 7.0). Two caveats: it needs an open connection, because it escapes according to the connection's character set, and it only protects values placed inside quoted string literals, so a query like WHERE id = $id with no quotes around the value is still injectable. Prepared statements (mysqli_prepare with bind_param, or PDO) avoid both problems and are the preferred approach.
Special Characters
If you allow special characters to be entered and then display them back, you must look into the htmlspecialchars function. Call it on every value you echo into HTML, pass ENT_QUOTES so single quotes are encoded as well (otherwise a value dropped into a single-quoted attribute can break out of it), and pass the page's character set explicitly.
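To make the escaping and output-encoding advice above concrete, here is an added example that is not part of this FAQ. It uses PDO with an in-memory SQLite database so it runs without a MySQL server; the users table, its rows and the attacker input are constructed for the example, and the prepare/bind pattern is the same with mysqli ($mysqli->prepare() followed by bind_param()).

```php
<?php
declare(strict_types=1);
// Added example, not from the original FAQ. PDO + in-memory SQLite is used so
// the script runs offline; with mysqli the equivalent is prepare() + bind_param().

// Constructed sample data: a users table with two rows, one bio containing markup.
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, bio TEXT)');
    $db->exec("INSERT INTO users (name, bio) VALUES
               ('alice', 'Likes <b>bold</b> text'),
               ('bob',   'Plain bio')");
    return $db;
}

// VULNERABLE: the request value is pasted straight into the SQL text.
function findUserVulnerable(PDO $db, string $name): array {
    $sql = "SELECT id, name FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: a prepared statement keeps the value out of the SQL text entirely,
// so a quote or an OR clause in the input is just data being compared.
// (mysqli_real_escape_string would also work here because the value sits inside
// quotes, but it would not protect an unquoted numeric comparison.)
function findUserSafe(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding: everything echoed into HTML goes through htmlspecialchars with
// ENT_QUOTES (encode both quote styles) and an explicit charset.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = makeDb();

// Constructed attacker input, as it might arrive in $_GET['name'].
$attack = "' OR '1'='1";

$leaked = findUserVulnerable($db, $attack); // WHERE became always-true: every row comes back
$safe   = findUserSafe($db, $attack);       // no user is literally named "' OR '1'='1": no rows

printf("vulnerable query returned %d rows, prepared statement returned %d rows\n",
       count($leaked), count($safe));

// Rendering a stored value: raw output injects the markup, encoded output shows it as text.
$bio = (string) $db->query("SELECT bio FROM users WHERE name = 'alice'")->fetchColumn();
echo 'raw:     ' . $bio . "\n";
echo 'encoded: ' . h($bio) . "\n";

// A constructed stored-XSS style payload, neutralised the same way.
$payload = "<img src=x onerror='alert(1)'>";
echo 'encoded payload: ' . h($payload) . "\n";
```

Run it with php on the command line: the vulnerable lookup prints 2 rows for the injected input while the prepared statement prints 0, and the encoded strings show every angle bracket and quote turned into an entity so the browser displays them instead of interpreting them.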
Additional security can include:
Drake83
Good tips! If you have the money, it is also a good idea to get a security company to scan your site for vulnerabilities. If you need to be PCI compliant, many PCI scans will do this and attempt SQL injection at most (if not all) of your form inputs. Just remember, user submitted data is tainted!