Training, Open Source Computer Languages

Search for:
Print friendly page
Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
PHP - Sanitised application principles for security and useability

When you write a simple web based application, such as a tax calculator, it's always a good ides to echo back the values that your user filled in to the initial form as a part of the response page. That way, anyone who prints out the resulting screen will know just WHAT the question was that the page answers!

It's also a good idea (a VERY good idea - read mandatory) to sanitise the user's inputs, checking against injection attacks using dingle quotes, < characters, & characters, and so on. These checks help avoid injection attacks with Javascript and HTML, and prepare you against injection attacks against a database you may add later

When you echo back the results page and present a further copy of the form that can be filled in, you should echo the values that the user entered the previous time ... and you need to be careful to sanitise the string and make sure it will accept space characters by quoting back the value when you echo it. Users often need to correct or modify values and resubmit forms, and it's very antisocial of the programmer to present them with a completely blank form as a punishment for making just one mistake!

Finally, keep the bulk of your PHP towards the top of your code and the HTML towards the bottom. That way, you can easily change the look and feel of the page without having to rework the logic, or can easily change the logic without major work on the look and feel

These are techniques that we'll teach you from day one of our PHP Programming Course and we continue with on our PHP Techniques Workshop.

I have just written and presented, in front of my delegates, an example to show these principles all in a single piece of code.

You can see the source here and run it here.
(written 2008-06-16 18:24:09)

 
Associated topics are indexed under
G906 - Well House Consultants - Programming Standards
  [2364] Getting it right from the start - new programmers - (2009-08-17)
  [2363] Alpaca Case or Camel Case - (2009-08-16)
  [2322] Looking for a practical standards course - (2009-08-05)
  [1852] Perl and Blackberries - (2008-10-23)
  [1596] Selling curry to the chinese takeaway - (2008-03-31)
  [945] Code quality counts - (2006-11-26)
  [356] Sudoku helper or sudoku cheat - (2005-06-23)
  [343] Should I use structured or object oriented? - (2005-06-10)
  [272] More to programming than just programming - (2005-04-08)
  [148] Programming in isolation - (2004-12-11)

H117 - Security in PHP
  [2628] An example of an injection attack using Javascript - (2010-02-08)
  [2025] Injection Attack if register_globals in on - PHP - (2009-02-04)
  [1779] Injection Attacks - avoiding them in your PHP - (2008-08-31)
  [1747] Who is watching you? - (2008-08-10)
  [1694] Defensive coding techniques in PHP? - (2008-07-02)
  [1542] Are nasty programs looking for security holes on your server? - (2008-02-17)
  [1482] A story about benchmarking PHP - (2007-12-23)
  [1396] Using PHP to upload images / Store on MySQL database - security questions - (2007-10-19)
  [1387] Error logging to file not browser in PHP - (2007-10-11)
  [1323] Easy handling of errors in PHP - (2007-08-27)
  [1086] Injection attacks - safeguard your PHP scripts - (2007-02-20)
  [1052] Learning to write secure, maintainable PHP - (2007-01-25)
  [947] What is an SQL injection attack? - (2006-11-27)
  [920] A lion in a cage - PHP - (2006-11-10)
  [426] Robust checking of data entered by users - (2005-08-27)
  [345] Spotting a denial of service attack - (2005-06-12)


Back to
Software - changes and delays. But courses must run on time!
 Previous and next
or
Horse's mouth home		 Forward to
Astroturfing - the online definition
Some other Articles
Plenty of car parking at Well House Manor, Hotel, Melksham
Accounts in PHP - an OO demo
Adding a button to a web page to print the page
Astroturfing - the online definition
PHP - Sanitised application principles for security and useability
Software - changes and delays. But courses must run on time!
CSS training - Cascading Style Sheets (UK course)
A warm welcome for visitors from the USA
Comparing Objects in C++
What a lot of files! (C++ / Polymorphism demo)
2675 posts, page by page
Link to page ... 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54 at 50 posts per page


This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.

Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).
You can Add a comment or ranking to this page
Public Training Courses
Running regularly at our UK training Centre.
[Schedule] - [About] - [Book]
Related short articles
Exception handling in PHP
Adding extensions to PHP Open Source applications - callbacks
Static class members in PHP - a documented example
How to build a test harness into your PHP
Redirecting to your main domain for correct security keys
Improve your PHP on a weekend away
Compile but do not run PHP - syntax check only
What does a web application look like under Tomcat?
Object Oriented Programming in PHP
A PHP example that lets your users edit content without HTML knowledge
Shipping a test harness with your class in PHP
How to show a large result set page by page in PHP
Static variables and ampersands in PHP
Curly braces within double quoted strings in PHP
Ruby on Rails - a sample application to teach you how
Your PHP code does not work? Here is where to start looking.
Reducing image size on digital photos - PHP
Moving the product forward - ours, and MySQL, Perl, PHP and Python too
Scraping content for your own page via PHP
When should I use Java, Perl, PHP, or Python?
Plan your application before you start
A variable number of arguments in a PHP function
MySQL stored procedures / their use on the web from PHP
Abstract classes, Interfaces, PHP and Java
Controlling, supressing, enabling PHP error messages
Using print_r in PHP to explore mysql database requests
Not just a PHP program - a good web application
Are you wanting to learn PHP?
Designing your data structures for a robust Perl application
Using a cache for efficiency. Python and PHP examples
Geocoding - converting address to latitude / Longitude with PHP via Google
World Flags in your PHP pages
Uploading and Downloading files - changing names (Perl and PHP)
How to make a Risotto (PHP build style)
Extracting real data from an exported file in PHP or Perl
Debugging multipage (session based) PHP applications
PHP preg functions - examples and comparision
Grouping rows for a summary report - MySQL and PHP
Past PHP delegates / others - coding help needed for next 3 months
Handling nasty characters - Perl, PHP, Python, Tcl, Lua
Learning PHP, Ruby, Lua and Python - upcoming courses
A (biased?) comparison of PHP courses in the UK
Adding a newsfeed for your users to a multipage PHP application
Multiple web applications under Tomcat - what are the options?
Improving the structure of your early PHP programs
New Example - cacheing results in PHP for faster loading
Matching disparate referencing systems (MediaWiki, PHP, also Tcl)
Application design in PHP - multiple step processes
Basic OO principles
PHP4 v PHP5 - Object Model Difference
Crossrefering documents with uniqueness and inconsistency issues - PHP proof of concept demo
PHP - getclass v instanceof
Variable scope in Java Servlets and other web applications
Using the internet to remotely check for power failure at home (PHP)
What features does this visitors browser support? (PHP)
Choosing a railway station fairly in PHP
PHP Course - for hobby / club / charity users.
Connecting jconsole remotely - the principles
Weekday or Weekend PHP, Python and Perl classes?
Extra PHP Examples
Setting up a MySQL database from PHP
A Presentation about our company - web and PHP
Learning to program in PHP, Python, Java or Lua ...
httpd, Tomcat and PHP course enhancements
Discount Training Courses - PHP, Perl, Python
Keeping PHP code in database and running it
Best source to learn Java (or Perl or PHP or Python)
Index Card System for Game Characters in PHP
PHP - Parse error: syntax error, unexpected $end ...
Predictive Load Balancing - PHP and / or Java
Quick Summary - PHP installation
Flash (client) to PHP (server) - example
Flurinci knows Raby Lae PHP and Jeve
Remember Me - PHP
Job application
Text formating for HTML, with PHP
Question Mark - Colon operator (Perl and PHP)
Sorting objects in PHP
Regular Expressions in PHP
Refactoring - a PHP demo becomes a production page
© WELL HOUSE CONSULTANTS LTD., 2010: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 344596 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho