
Prevent Malicious User Inputs In PHP Form

A professional website almost always needs a way to receive user input, whether through a comment box or a dedicated input form. Successful websites depend on feedback from their users, but some malicious visitors use these forms to inject scripts into the website. If the data a user enters is inserted directly into a database, the situation is critical. Fortunately, PHP has built-in functions for cleaning data submitted through a user input form. Before explaining those functions, it is worth understanding the effect of untrusted external input.

Effects of Malicious User Inputs on a Website


Although a PHP address form is intended to receive user details such as name and address, it will accept any string submitted unless we implement strict validation. If someone enters a script instead of a name, the form will accept it as long as there is no validation. This becomes extremely dangerous if the same input is then used in a database query.


Built-in PHP Functions To Validate User Inputs Through a Form


Here is a list of three important functions that validate data entered through a PHP form.

  1. trim()

    The trim() function removes leading and trailing whitespace, including spaces, newlines and tabs, from form input. Every text field value should be passed through trim() before the input is used for any operation.

  2. htmlspecialchars()

    The htmlspecialchars() function converts the characters that have special meaning in HTML (such as <, >, &, and ") into HTML entities, so the browser displays the user's string as text instead of executing it as markup or script.

  3. stripslashes()

    This function removes backslashes (\) from the user input data, undoing any backslash escaping that was applied before the data arrived.


By using these three functions together we can reduce the risk of accepting user input through a PHP form. Now let us check how to implement these three functions in our code.


Implementation of PHP Form Validation In a Code


Suppose the username received through a PHP form is available as $_POST["username"]. We assign it to a variable with $user = $_POST["username"]; At this point we do not know whether the input is harmless, so we create a custom function that applies the three functions explained above.

function validate($x)
{
    $x = trim($x);            // remove surrounding whitespace and newlines
    $x = stripslashes($x);    // remove backslashes added by prior escaping
    $x = htmlspecialchars($x); // encode HTML special characters as entities
    return $x;
}


Now every user input must be sanitized with the custom function we have created. For example, we validate $user with validate() and keep the returned value, since the function returns the cleaned string rather than modifying its argument.

$user = validate($user);
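The following is an added example, not code from the original post, that puts the three functions described above and the validate() wrapper into a complete handler: it cleans a constructed $_POST-style array (including a field that carries a script tag instead of a name), rejects non-string values, and then stores the result using a prepared statement. The field names, the sample submission and the use of an in-memory SQLite database (which assumes the pdo_sqlite extension is enabled) are assumptions made for the example.

```php
<?php
// Added example (not from the original post). Field names, sample input and
// the SQLite database are assumptions for illustration only.
declare(strict_types=1);

function validate(string $x): string
{
    $x = trim($x);          // drop surrounding whitespace and newlines
    $x = stripslashes($x);  // undo backslash escaping applied before arrival
    // Encode &, <, >, " and ' as entities so a browser renders them as text.
    return htmlspecialchars($x, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function handleForm(array $post, array $fields): array
{
    $clean = [];
    foreach ($fields as $field) {
        // $_POST can carry arrays (names ending in []) or omit a field entirely;
        // treat anything that is not a plain string as empty instead of
        // passing it through.
        if (!isset($post[$field]) || !is_string($post[$field])) {
            $clean[$field] = '';
            continue;
        }
        $clean[$field] = validate($post[$field]);
    }
    return $clean;
}

function storeUser(PDO $db, array $user): void
{
    // htmlspecialchars() protects only HTML output; it does nothing for SQL.
    // Bind the values as parameters so the database never parses them as SQL.
    $stmt = $db->prepare(
        'INSERT INTO users (username, address) VALUES (:username, :address)'
    );
    $stmt->execute([
        ':username' => $user['username'],
        ':address'  => $user['address'],
    ]);
}

// Constructed sample submission standing in for $_POST. The username field
// carries markup instead of a name, plus stray whitespace and a backslash.
$samplePost = [
    'username' => '  O\'Brien \\ <script>alert(1)</script>' . "\n",
    'address'  => '12 "Main" St',
    'tags'     => ['not', 'a', 'string'],   // array value, will be rejected
];

$user = handleForm($samplePost, ['username', 'address', 'tags']);

foreach ($user as $field => $value) {
    echo $field, ': ', $value, PHP_EOL;
}

// Assumed: pdo_sqlite is available. An in-memory database keeps the example
// self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, address TEXT)');
storeUser($db, $user);

$row = $db->query('SELECT username, address FROM users')->fetch(PDO::FETCH_ASSOC);
echo 'stored: ', json_encode($row), PHP_EOL;
```

Run it from the command line with php and compare the printed username with the raw sample: the script tag survives only as entity-encoded text. Two design points are worth noting. The ENT_QUOTES flag makes htmlspecialchars() encode single quotes as well as double quotes, which matters when the value is later placed inside a single-quoted HTML attribute. And the database step deliberately does not rely on any of the three string functions: a prepared statement with bound parameters is what keeps user data from being interpreted as part of the query.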

