UGN Security
Posted By: Testing form data - 09/28/05 10:28 AM
This very well could go under the newbie section but since its regarding PHP/HTML I figured my question is best served here.

I'm reading my book and as I read it states "In terms of both error management and security, you should absolutely never trust the data being entered into a form".

Ok, So here comes the question.

Why not? Are they referring to when the form is being entered into say mysql and then the info from the form can dictate stuff in the database? I know that didn't come out exactly as I am thinking but its close. Why exactly should I scrutinize form data. Any insight would be greatly appreciated.
Posted By: Testing Re: form data - 09/28/05 10:53 AM
Never mind. I understand much better now.

http://www.phpbuilder.com/columns/sporty20001102.php3?page=3
Posted By: §intå× Re: form data - 09/28/05 02:43 PM
Yea... Trust nothing from the user. Code every form as if you know a hacker is coming at it. Also safe guard from URL submissions. Remember the GET method. If someone views source on your form they will see all variables that will be passed. Even if you are using host, they can mess with the URL and try submiting malious code that way.

The best ways around this are

1.) Code like registered globals is off.
http://us2.php.net/variables.external

2.) Make sure the user came from the page the form is on. See the predefined variables
http://us2.php.net/manual/en/reserved.variables.php#reserved.variables.request


Here is a function I grabed off PHP.net to make sure your forms are secure.
Code
<?php

   function form_post_check()
   {
       $referring_url = $_SERVER['HTTP_REFERER'];    // get the referring URL
       $host = $_SERVER['HTTP_HOST'];    // get the header from the current request (example: www.yoursite.com)
       $valid_url = 'http://'.$host.'/';    // finish defining a valid referring URL
       $valid_len = strlen( $valid_url );    // get the length of the valid url

       // if the valid url isn't the first part of the referring url
       if ( substr( $referring_url, 0, $valid_len ) != $valid_url )
       {
           die( 'You submitted this form from an invalid URL.' );    // stop everything and display a message
       }
   }

?>
Be sure to make PHP.net a favorite while learning. Thier search tool is a life saver while learning, let me tell you.
© UGN Security Forum