Re: How can I safeguard my Php Form?
Below I have a PHP registration form that is working well, but I am a bit
concerned, as the form is wide open to an SQL injection attack. I am aware
of it but have very limited coding knowledge to prevent it, but I am still
learning.
I have managed to add a CAPTCHA to prevent bots from auto-filling the form
and submitting it, but unfortunately the same can't be said of being able to
validate the first name and last name. I am just wondering how I can
safeguard myself against such an attack.
The relevant code is shown below. Thank you!
Check.php
$FirstName = strip_tags($_POST['FirstName']);
$LastName = strip_tags($_POST['LastName']);
$Msisdn = $_POST['Msisdn'];
$month = $_POST['month'];
$day = $_POST['day'];
$year = $_POST['year'];
$date = $year . "-" . $month . "-" . $day;
$dob = date('y-m-d', strtotime($date));
$Gender = $_POST['Gender'];
$Faith = $_POST['Faith'];
$City = $_POST['City'];
$MarritalStatus = $_POST['MarritalStatus'];
$Profession = $_POST['Profession'];
$Country = $_POST['Country'];
$query = "insert into users set FirstName='".$FirstName."',LastName='".$LastName."',Msisdn='".$Msisdn."',dob='".$dob."',Gender='".$Gender."',Faith='".$Faith."',City='".$City."',MarritalStatus='".$MarritalStatus."',Profession='".$Profession."',Country='".$Country."'";
mysql_query($query) or die("".mysql_error());
echo "Successful Registration!";
}
?>
Registration.php
</tr>
Sign Up It's free and anyone can join
<form method="post" action="check.php" enctype="multipart/form-data">
<table width="900" align="center" cellpadding = "15">
<tr>
<td>FirstName:</td>
<td><input type="text" name="FirstName" maxlength="10" required=""></td>
</tr>
<tr>
<td>LastName:</td>
<td><input type="text" name="LastName" maxlength="10" required=""></td>
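One way to close the injection hole the post describes, as an added example that is not part of the original post: validate each field server-side, then insert through a PDO prepared statement so no value is ever concatenated into the SQL text. It assumes the PDO MySQL driver, numeric `year`/`month`/`day` fields, the `users` columns named in Check.php, and placeholder connection details; the function names and length limits are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example. Assumed: placeholder DSN/credentials, hypothetical function names.

function validate_registration(array $in): array
{
    $name = '/^\p{L}[\p{L} \'-]{0,9}$/u';   // letters, space, ' and -; 10 chars max as in the form
    $text = '/^[^\x00-\x1f]{1,50}$/u';      // assumed limit for the free-text fields
    $rules = ['FirstName' => $name, 'LastName' => $name,
        'Msisdn' => '/^\+?[0-9]{7,15}$/',   // assumed length range
        'Gender' => $text, 'Faith' => $text, 'City' => $text,
        'MarritalStatus' => $text, 'Profession' => $text, 'Country' => $text];
    $clean = [];
    foreach ($rules as $field => $pattern) {
        // Missing or non-string input (e.g. FirstName[]=x) becomes '' and is rejected.
        $v = is_string($in[$field] ?? null) ? trim($in[$field]) : '';
        if (!preg_match($pattern, $v)) {
            throw new InvalidArgumentException("Invalid $field");
        }
        $clean[$field] = $v;
    }
    // Date of birth: require a real calendar date instead of trusting strtotime().
    [$y, $m, $d] = [(int)($in['year'] ?? 0), (int)($in['month'] ?? 0), (int)($in['day'] ?? 0)];
    if (!checkdate($m, $d, $y)) {
        throw new InvalidArgumentException('Invalid date of birth');
    }
    $clean['dob'] = sprintf('%04d-%02d-%02d', $y, $m, $d);
    return $clean;
}

function insert_user(PDO $pdo, array $u): void
{
    // Values are sent as bound parameters; the SQL text itself is constant.
    $pdo->prepare('INSERT INTO users (FirstName, LastName, Msisdn, dob, Gender,
        Faith, City, MarritalStatus, Profession, Country) VALUES (:FirstName, :LastName,
        :Msisdn, :dob, :Gender, :Faith, :City, :MarritalStatus, :Profession, :Country)')
        ->execute($u);
}

$pdo = new PDO('mysql:host=localhost;dbname=example_db;charset=utf8mb4', 'example_user',
    'example_password', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false]);   // real server-side prepares
try {
    insert_user($pdo, validate_registration($_POST));
    echo 'Successful Registration!';
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Please check the form fields.';    // no database error text reaches the browser
}
```

The `maxlength` and `required` attributes in Registration.php are enforced only by the browser, which is why the same limits are re-checked here on the server.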