Join David Powers for an in-depth discussion in this video Prevent cross-site script attacks in forms, part of PHP Tips, Tricks, and Techniques.
- Hi, I'm David Powers, and welcome to this week's edition of PHP Tips, Tricks and Techniques, designed to help you become a smarter, more productive PHP developer. This week, I'm responding to a query from a member about the danger of cross-site scripting attacks when using the superglobal variable $_SERVER['PHP_SELF'] in an online form. I'll begin by describing the problem, explain why I think the commonly-recommended solutions are unsatisfactory, and then propose what I believe to be a better solution to keep your online forms secure.
If you want to follow along, you can download the exercise files for this video. On this page, I've got a simple form that asks the user to input their name and then displays it on the same page when the form is submitted. In the opening form tag, the action attribute tells the browser where to find the script to process the form. In PHP, it's very common to use self-processing forms. In other words, to put the processing script in the same file as the form, as I've done here on lines 11 to 15.
Note: The exercise files are free to all members. The code is commented to enhance your learning, but you will need database connectivity for some files to run as intended.
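The self-processing form described above, as an added example that is not the course's exercise file: the pattern that reflects $_SERVER['PHP_SELF'] into the action attribute, shown next to the commonly discussed mitigations (attribute escaping, or a fixed action path). The author's own proposed solution is not part of this excerpt, and the function names and sample values below are assumptions.

```php
<?php
// Added example (not the course's exercise file). PHP_SELF is derived
// from the request URL, so anything appended after the script name in
// the path is copied into the page. Function names are assumptions.

// Risky pattern: the request-derived value lands in an HTML attribute unescaped.
function vulnerable_form_open(): string {
    return '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">';
}

// Mitigation 1: escape before inserting into the attribute. ENT_QUOTES
// covers both quote styles, so the attribute cannot be closed early.
function escaped_form_open(): string {
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

// Mitigation 2: do not use the request-derived value at all; a fixed
// script path (or an empty action, which submits to the current URL).
function fixed_form_open(): string {
    return '<form action="/form.php" method="post">';
}

// The submitted name is user input too: escape it before echoing it back
// on the same page after submission.
function display_name(array $post): string {
    if (!isset($post['name']) || trim($post['name']) === '') {
        return '';
    }
    $name = htmlspecialchars($post['name'], ENT_QUOTES, 'UTF-8');
    return '<p>Hello, ' . $name . '</p>';
}

// Constructed sample request for offline demonstration: extra path info
// containing a quote and angle brackets, and a name with markup in it.
$_SERVER['PHP_SELF'] = '/form.php/extra"<path>';
$_POST = ['name' => "Ann <b>O'Neil</b>"];

echo vulnerable_form_open(), "\n";  // quote from the path ends the attribute early
echo escaped_form_open(), "\n";     // quote and brackets are entity-encoded
echo fixed_form_open(), "\n";       // request path never reaches the markup
echo display_name($_POST), "\n";    // name is rendered as text, not as tags
```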
Skill Level Intermediate