From the course: PHP Tips, Tricks, and Techniques
Join today to access over 22,600 courses taught by industry experts.
Prevent cross-site script attacks in forms
From the course: PHP Tips, Tricks, and Techniques
Prevent cross-site script attacks in forms
- Hi, I'm David Powers, and welcome to this week's edition of PHP Tips, Tricks and Techniques, designed to help you become a smarter, more productive PHP developer. This week, I'm responding to a query from a member about the danger of cross-site scripting attacks when using the superglobal variable, SERVER PHP_SELF, in an online form. I'll begin by describing the problem, explain why I think the commonly-recommended solutions are unsatisfactory, and then propose what I believe to be a better solution to keep your online forms secure. If you want to follow along, you can download the exercise files for this video. On this page, I've got a simple form that asks the user to input their name and then displays it on the same page when the form is submitted. In the opening form tag, the action attribute tells the browser where to find the script to process the form. In PHP, it's very common to use self-processing forms. In other words, to put the processing script in the same file as the…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
- Tip_18.zip
- Tip_19.zip
- Tip_01.zip
- Tip_20.zip
- Tip_02.zip
- Tip_25.zip
- Tip_03.zip
- Tip_21.zip
- Tip_22.zip
- Tip_04.zip
- Tip_23.zip
- Tip_24.zip
- Tip_06.zip
- Tip_07.zip
- Tip_34.zip
- Tip_30.zip
- Tip_31.zip
- Tip_14.zip
- Tip_32.zip
- Tip_17.zip
- Tip_33.zip
- Tip_29.zip
- Tip_35.zip
- Tip_36.zip
- Tip_37.zip
- Tip_09.zip
- Tip_10.zip
- Tip_38.zip
- Tip_39.zip
- Tip_40.zip
- Tip_08.zip
- Tip_26.zip
- Tip_11.zip
- Tip_12.zip
- Tip_13.zip
- Tip_15.zip
- Tip_16.zip
- Tip_28.zip
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
(Locked)
Round numbers to a specific multiple6m 57s
-
(Locked)
Array dereferencing4m 55s
-
Variable functions6m 8s
-
(Locked)
Build nested unordered lists automatically8m 56s
-
(Locked)
Display a repeating value only once4m 43s
-
(Locked)
Batch convert images to data URIs8m 18s
-
(Locked)
Multiple string replacement and SVGs8m 45s
-
(Locked)
Prevent cross-site script attacks in forms9m 39s
-
(Locked)
Changes to calculations with strings7m 35s
-
(Locked)
Unpacking arrays in PHP 7.17m 46s
-
(Locked)
User authentication with password hashing9m 20s
-
Set a future date7m 40s
-
(Locked)
Block access to expired member10m 55s
-
(Locked)
Extract complete sentences from start of text8m 48s
-
(Locked)
Prevent email header injection attacks7m 17s
-
(Locked)
Variable variables6m 47s
-
(Locked)
Select files for archiving9m 58s
-
(Locked)
Set a time limit on a session7m 27s
-
(Locked)
Custom sort an array with the spaceship operator7m 26s
-
(Locked)
Understanding the splat operator8m 55s
-
(Locked)
Converting new lines to real paragraphs7m 36s
-
(Locked)
Introducing PHP generators9m 33s
-
(Locked)
Dynamically editing a CSV file9m 32s
-
(Locked)
Finding all links in a webpage7m 35s
-
Creating a download link9m 45s
-
(Locked)
Debugging PDO prepared statements5m 59s
-
(Locked)
Time is running out for PHP 54m 43s
-
(Locked)
Extract values with a format string9m 10s
-
(Locked)
Generate harmonious color tones8m 7s
-
(Locked)
Getting all possible permutations of an array5m 39s
-
(Locked)
Merging arrays5m 57s
-
Strip accents from text9m 29s
-
(Locked)
Export associative arrays from a CSV6m 57s
-
Export spreadsheet data to a multi-table database10m 38s
-
(Locked)
Validate email address with accented characters3m 33s
-
(Locked)
Generating random numbers and strings7m 54s
-
(Locked)
Shorthand conditional expressions9m 9s
-
(Locked)
Modifying each element in an array8m 36s
-
Smart quotes and apostrophes7m 52s
-
(Locked)
Shortest distance between two locations6m 55s
-
(Locked)