Skip to main content

Prevent Malicious User Inputs In PHP Form

A professional website always must have a way to receive user inputs either in the form of a comment column or in the form of a user input form. It is a must for  successful websites to receive the feedback from their users but some malicious persons use this option to inject malicious scripts to the website. If the data entered by the user is directly inserted in to database, the situation is very critical. Luckily, PHP has some built in functions to validate the data inserted by a user using user input form. Before explaining those functions, it is better understand the effects of tricky external credentials.

Effects of Malicious User Inputs on a Website


Though a PHP address form is intended to receive user details like name, address etc, it will take every strings submitted unless we don't implement strict validation. If someone enters a script instead of name, it is possible that the form will accept it unless there is a validation. It will be extremely dangerous if we use the same input for any data base query.


Built in PHP Functions To Validate User Inputs Though Form


Here is the list of three important functions which validates data entered through a PHP form.

  1. Trim() :

    Trim() function is used to remove any extra space, new line etc from the form inputs. Every text filed values must be passed through trim() function before taking the input for operations.

  2. htmlspecialchars()

    Htmlspecialchars() function will convert any HTML element in the user string to HTML escaped characters and prevent it from executing the code.

  3. stripslashes()

    This function removes backslashes (\) from the user input data.


By the combined use of these three functions we can reduce the risk of taking user input through PHP form. Now let us check how to implement these three functions in our code.


Implementation of PHP Form Validation In a Code


Let us consider the username received through a PHP form is $_POST["username"];. We need to pass the value to a variable like $user=$_POST["username"]; Right now we do not know whether the input is harmless. So we need to create a custom function by using the three functions explained before.

function validate($x)
{
   $x= trim($x);
    $x= stripslashes($x);
    $x= htmlspecialchars($x);
    return $x;

}


Now the user inputs must be sanitized using the custom function we have created. For example we are going to validate the $user using the function validate().

validate($user);


Related Articles
  1. Multiple Article Submission Penalty

  2. Web Traffic Vs AdSense Earnings

  3. Optimize Blogger Template

  4. How to Calculate CPC

Comments

Recent Posts

How to Configure Idea 4G & 3G on Android Phone -APN Settings

When you activate Idea GPRS, 4G or 3G Internet on your Android phone, your phone will receive the automatic settings. However, sometimes you may need to configure the Access Point and GPRS settings for Idea (both GSM second and third generation) connection manually on your Android phone. In case if you delete the previous configuration, it is better know how to setup the same settings again by yourself. A wrong Access Point Name can stop you from accessing their mobile broadband service. Otherwise after deleting the existing APN for Idea 3G or GPRS you may need to re-insert the SIM again to get automatic settings from them. If you know the manual configuration steps, you can avoid that hardware procedure. If you are looking for the steps to get maximum speed from Idea 4G, you may click the link below and follow the instructions. The below hack will increase the Idea 4G data transfer speed.


Boost Idea 4G Data Transfer Speed

Steps to Configure Idea 4G/ GPRS/ 3G on Android Click on Applic…

Village Field Assistant in Kerala Revenue (123/2017) Examination

PSC has notified examination for the post Village Field Assistant in Kerala Revenue Department. Category number of the notification is 123/2017. According to this notification, anyone who has passed 10th Standard and having cycling skill can apply. There is no ineligibility for those having higher education standards to apply for Village Field Assistant. So, those who passed HSS, Degree etc can apply. Village Field Assistant is the new name given to the post Village Man in Kerala Revenue Department and is one of the few posts where PSC conducts direct recruitment to Revenue department. Public Service Commission conducts different examinations for each districts and there will be different question papers and cut off marks. Anyone who apply for Village Field Assistant can apply to only one district. Right now, only anticipatory vacancies are reported. So we do not know the exact number of vacancies in each districts. According to High Court verdict in 2006, women too can apply to Vill…

Eligibility and Exam Pattern CBI Officer Recruitment 2017 - Sub Inspector By SSC CGL

To become an officer in Central Bureau of Investigation ( CBI ) is a dream of many youth in India. Though this elite investigation agency is popular among public, many do not know the procedure to join CBI as an officer. This article explains the various criteria, eligibility, exam pattern and procedure to become a CBI officer. Two different agencies conduct examinations to fill vacancies in CBI. They are UPSC and SSC. To become a group A officer in CBI, you must choose Civil Service Examination conducted by UPSC and become an IPS officer. To join as Sub Inspector in CBI, you must go through SSC CGL examination.

Name Of the Post Recruitment Agency Group A OfficerUPSC (Civil Service Examination)Sub InspectorSSC CGL
Where to Apply
If you are dreaming to become an Officer in CBI, you must pass the Combined Graduate Level Examination (CGL ) conducted by Staff Selection Commission (SSC) in every year. You must wait for the next SSC CGL notification and prepare for the same. It is a 4 tier …

PING: Transmit failed. General Failure - Reasons and Solution

Yesterday while checking network connectivity, I received one error message while trying to ping loopback address from my Windows computer. The error message I received is "PING: Transmit failed. General Failure" and all the packets send from command prompt were lost. I tried to ping a different loopback address but the result was same. I fixed the issue by following a set of steps and sharing those troubleshooting steps in this tutorial hoping it may help in case if you experience the same error message PING: Transmit failed. General Failure.


Broadband Hack To Improve Speed

This is the output I received when I ping loopback address.

C:\Users\sijugk>ping 172.0.0.21 Pinging 172.0.0.21 with 32 bytes of data: PING: transmit failed. General failure. PING: transmit failed. General failure. PING: transmit failed. General failure. PING: transmit failed. General failure. Ping statistics for 172.0.0.21: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)


Reasons an…

Modify SBI Inter-Bank Beneficiary For RTGS & NEFT

To complete online money transfer using either RTGS or NEFT in your State Bank of India net banking account, the first step is to add the account details of the person to whom you are sending money. Once the details are added under Inter-Bank Beneficiary list, you can start sending money to his/her account. However, it is possible that you might have entered wrong details while adding the beneficiary details. SBI allows users to either modify or delete a beneficiary if the user find the details incorrect. This article explains how to modify or delete beneficiary on SBI account within few minutes. The same procedure can be followed if you are seeing you have reached the maximum number of beneficiaries in your account while adding a new one.

Step By Step Instructions To Delete Beneficiary in HDFC Bank

Steps to Add a Beneficiary in State Bank Net-banking Account

Visit the SBI Netbanking login Link and enter netbank username and password.

https://retail.onlinesbi.com/retail/logi…

Fire Station Officer Recruitment 2017 ( Kerala Fire Force) -Exam Date

A state wide direct general recruitment for the post Station Officer( Trainee) in Kerala Fire and Rescue Services department is announced by Kerala Public Service Commission. The Scale of Pay of Fire Station Officer is 30700-65400 Indian Rupees per month. The selected officers must undergo training in State Fire Service Training School or National Fire Service College Nagpur. The minimum educational requirement to apply for Fire Station Officer in Kerala is degree in Science from a recognized university preferably in Chemistry. Those who have good record in Sports and Games will get preference. The age limit to apply for Fire Station Officer(Trainee ) by General category candidates is 20-31 years. Usual upper age relaxation is allowed for backward communities. The Fire Station Officer Recruitment 2017 exam date, physical efficiency test, last date to apply, reported vacancies etc are given below.

Category NumberGazette Notification DateLast Date to ApplyDate of written testDate of Phys…