PHP - Sanitised application principles for security and useability

When you write a simple web based application, such as a tax calculator, it's always a good idea to echo back the values that your user filled in on the initial form as part of the response page. That way, anyone who prints out the resulting screen will know just WHAT the question was that the page answers!

It's also a good idea (a VERY good idea - read mandatory) to sanitise the user's inputs: check that each value is what you expect, and escape single quotes, double quotes, < characters, & characters and so on wherever a value is written back into the page. These checks help avoid injection attacks with Javascript and HTML, and prepare you against injection attacks on a database you may add later (where the defence is a prepared statement with bound parameters, not HTML escaping).

When you echo back the results page and present a further copy of the form that can be filled in, you should echo the values that the user entered the previous time ... and you need to be careful to escape each string and to put it inside a quoted value attribute, so that values containing spaces (or quotes) come back intact rather than breaking out of the markup. Users often need to correct or modify values and resubmit forms, and it's very antisocial of the programmer to present them with a completely blank form as a punishment for making just one mistake!

Finally, keep the bulk of your PHP towards the top of your code and the HTML towards the bottom. That way, you can easily change the look and feel of the page without having to rework the logic, or can easily change the logic without major work on the look and feel.
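Here is an added worked example of those principles in one script. It is not the code the post links to, and the field names (name, income, rate), the flat-rate calculation and the error messages are assumptions made for illustration; it needs PHP 7.4 or later for the float range options used in validation.

```php
<?php
// Added example, not the page's own code: a small tax calculator in the
// shape the post describes. Logic at the top, HTML at the bottom; every
// submitted value is validated before use and escaped when written back.
// Field names (name, income, rate) and the flat-rate calculation are
// assumptions made for illustration.

declare(strict_types=1);

// Escape once, on output. ENT_QUOTES covers both ' and " so the result is
// safe inside a quoted attribute as well as in element text; <, > and &
// are converted too. Spaces are left alone, which is why the attribute
// that receives the value must itself be quoted (see the form below).
function h(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// --- Logic -----------------------------------------------------------------

$submitted = ($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST';

// Raw strings exactly as typed, kept so they can be echoed back into the
// form whether or not they validated. Missing or non-string fields become null.
$raw = [
    'name'   => isset($_POST['name'])   && is_string($_POST['name'])   ? $_POST['name']   : null,
    'income' => isset($_POST['income']) && is_string($_POST['income']) ? $_POST['income'] : null,
    'rate'   => isset($_POST['rate'])   && is_string($_POST['rate'])   ? $_POST['rate']   : null,
];

$errors = [];
$tax    = null;

if ($submitted) {
    // Validate against what the calculation can actually use, rather than
    // trying to strip "bad" characters: a number either parses or it does not.
    $income = filter_var($raw['income'], FILTER_VALIDATE_FLOAT,
                         ['options' => ['min_range' => 0]]);
    $rate   = filter_var($raw['rate'], FILTER_VALIDATE_FLOAT,
                         ['options' => ['min_range' => 0, 'max_range' => 100]]);

    if ($income === false) {
        $errors[] = 'Income must be a number of zero or more.';
    }
    if ($rate === false) {
        $errors[] = 'Rate must be a percentage between 0 and 100.';
    }
    if ($errors === []) {
        $tax = round($income * $rate / 100, 2);
        // If these values are later stored, pass $income and $rate to a
        // prepared statement with bound parameters; HTML escaping is not
        // a defence against SQL injection.
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head><meta charset="utf-8"><title>Tax calculator</title></head>
<body>
<?php if ($submitted && $errors === []): ?>
  <!-- Echo the question back alongside the answer, escaped -->
  <p>For <?= h($raw['name']) ?>: income <?= h($raw['income']) ?>
     at <?= h($raw['rate']) ?>% gives tax of <?= h((string) $tax) ?>.</p>
<?php endif; ?>

<?php foreach ($errors as $error): ?>
  <p class="error"><?= h($error) ?></p>
<?php endforeach; ?>

<!-- The form comes back pre-filled with what the user typed last time.
     Each value sits inside a double-quoted attribute: a name such as
     O'Brien or Ann Other <a@b.c> survives intact and cannot break out. -->
<form method="post" action="">
  <label>Name   <input type="text" name="name"   value="<?= h($raw['name'])   ?>"></label>
  <label>Income <input type="text" name="income" value="<?= h($raw['income']) ?>"></label>
  <label>Rate % <input type="text" name="rate"   value="<?= h($raw['rate'])   ?>"></label>
  <button type="submit">Calculate</button>
</form>
</body>
</html>
```

Try submitting a name of `"><script>alert(1)</script>` and an income of `12 000`: the name comes back as literal text inside the input box rather than as markup, and the income fails validation with a message while still being shown in the box for correction. Nothing in the script ever decides what "looks dangerous"; it validates numbers as numbers and escapes every string at the single point where it meets HTML.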

These are techniques that we'll teach you from day one of our PHP Programming Course and we continue with on our PHP Techniques Workshop.

I have just written and presented, in front of my delegates, an example to show these principles all in a single piece of code.

You can see the source here and run it here.
(written 2008-06-16, updated 2008-06-23)

This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.

PAGE: http://www.wellho.net/mouth/1679_PHP ... ility.html • PAGE BUILT: Sun Oct 11 16:07:41 2020 • BUILD SYSTEM: JelliaJamb