Preventing Multiple Submissions


Pengaturcaraan PHP (PHP Programming)




More Secure Form Validation

The golden rule of validating any data received by a PHP page is to
assume that it's invalid until it passes the right tests indicating
otherwise. At a bare minimum, you should:

- Use the superglobals (e.g., $_POST['name']) rather than the registered globals ($name).
- Check text, password, and text area form inputs for values using empty().
- Check other form inputs for values using isset().





A better way to validate data is to see if it conforms to a certain type
(like an integer). An even more exacting method of form validation requires
the use of regular expressions. You can also use JavaScript to perform basic
validation on the client (within the Web browser) before the data is sent to
the server.





A common question I see is how to prevent someone from submitting the
same form multiple times. Whether a user repeatedly submits a form by
accident or on purpose, such occurrences can be a minor nuisance or a
major problem for your Web site. There are many different ways to
prevent multiple submissions, and I'll discuss two options here.




First, if you are already using sessions, an easy solution is to create a
session variable indicating whether a specific form has been submitted or
not.




The premise is this: a generated identifier will be stored in the HTML form
(as a hidden input). This value will be inserted into the database along with
the other submitted information. To prevent repeated submissions, this
identifier can be stored in the database only once. A user wishing to submit
the form again will have to reload the HTML form so that another unique
identifier is created.
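Both options described above, the session flag and a generated identifier that the database will store only once, as an added example that is not code from the original slides. It assumes PHP 7 or later, a PDO connection (the DSN and credentials are placeholders) and a placeholder submissions table whose form_token column carries a UNIQUE constraint.

```php
<?php
// Added example, not code from the slides. Assumed placeholder schema:
//   CREATE TABLE submissions (
//     id INT AUTO_INCREMENT PRIMARY KEY,
//     form_token CHAR(32) NOT NULL UNIQUE,
//     name VARCHAR(100) NOT NULL
//   );
session_start();

/** Issue a fresh identifier when the form is rendered and remember it in the session. */
function issue_form_token(): string
{
    $token = bin2hex(random_bytes(16));   // 32 hex characters, unpredictable
    $_SESSION['form_token'] = $token;
    $_SESSION['form_submitted'] = false;  // option 1: the session flag
    return $token;
}

/** Option 1: refuse a second POST once the session says the form was processed. */
function session_allows_submission(): bool
{
    return empty($_SESSION['form_submitted']);
}

/**
 * Option 2: insert the identifier with the row. The UNIQUE constraint, not PHP,
 * guarantees it is stored only once, so two requests arriving at the same
 * moment cannot both succeed.
 */
function insert_once(PDO $db, string $token, string $name): bool
{
    $stmt = $db->prepare('INSERT INTO submissions (form_token, name) VALUES (?, ?)');
    try {
        $stmt->execute([$token, $name]);
        return true;
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') {  // SQLSTATE 23000: duplicate form_token
            return false;
        }
        throw $e;
    }
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $token = $_POST['form_token'] ?? '';
    $name  = $_POST['name'] ?? '';
    if (!is_string($token) || !is_string($name)) {  // a field posted as name[] is an array
        $token = $name = '';
    }
    $name = trim($name);

    // The token must be the one issued to this session, and the session flag
    // must not already be set.
    if (!session_allows_submission()
        || !isset($_SESSION['form_token'])
        || !hash_equals($_SESSION['form_token'], $token)
        || $name === '') {
        echo 'This form was already submitted or is invalid. Please reload it.';
        exit;
    }

    $db = new PDO('mysql:host=localhost;dbname=app', 'user', 'pass', [  // placeholder DSN
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);

    if (insert_once($db, $token, $name)) {
        $_SESSION['form_submitted'] = true;  // blocks a repeated POST in this session
        unset($_SESSION['form_token']);      // the identifier is spent
        echo 'Thank you, your submission was recorded.';
    } else {
        echo 'This submission was already recorded.';
    }
    exit;
}

// GET: render the form with a new identifier in a hidden input.
$token = htmlspecialchars(issue_form_token(), ENT_QUOTES, 'UTF-8');
?>
<form action="" method="post">
    <input type="hidden" name="form_token" value="<?= $token ?>">
    <input type="text" name="name">
    <button type="submit">Submit</button>
</form>
```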




Validating the Right Form


Step 2
After the initial PHP tag, define what form inputs are expected.




Step 3
Assign the received variable names to a new array.




Step 4
Create a conditional that checks if the two arrays are the same.




Step 5
After the mysql_close() line, complete the $allowed == $received
conditional.








Validating Data







For the most part, form validation is rather minimal, often just
checking if a variable has any value at all. In many situations, this
really is the best you can do.




PHP supports many types of data: strings, numbers (integers and floats),
arrays, and so on. For each of these, there's a specific function that checks if a
variable is of that type. You may already be familiar with the is_numeric()
function, and is_array() is great for confirming a variable's type before
attempting to use it in a foreach loop.
 Function                  Checks For
 is_array()                Arrays
 is_bool()                 Booleans (TRUE, FALSE)
 is_float()                Floating-point numbers
 is_int()                  Integers
 is_null()                 NULLs
 is_numeric()              Numeric values, even as a string (e.g., "20")
 is_resource()             Resources, like a database connection
 is_scalar()               Scalar (single-valued) variables
 is_string()               Strings





Step 3
Cast all the variables to a specific type.
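The "right form" check from Steps 2 to 5 of the previous section ($allowed against $received) together with the type checks and casts from this section, as an added example that is not code from the original slides. The field names, the sample requests and the allowed-list are constructed for illustration.

```php
<?php
// Added example, not code from the slides. Field names and samples are constructed.

/**
 * Steps 2-4: the submitted field names must match exactly what the form sends.
 * Both arrays are sorted first: $allowed == $received on PHP arrays also
 * compares positions, so the same names in a different order would otherwise
 * be rejected.
 */
function is_expected_form(array $allowed, array $post): bool
{
    $received = array_keys($post);   // Step 3: the names actually received
    sort($allowed);
    sort($received);
    return $allowed == $received;    // Step 4: same names, nothing extra or missing
}

/**
 * Type validation: return the cleaned, cast values, or null if any field fails.
 * Everything in $_POST arrives as a string (or an array), so is_int() is never
 * true for "20"; is_numeric() followed by a cast is the right check.
 */
function validate_types(array $post): ?array
{
    foreach ($post as $value) {
        if (!is_string($value)) {    // a field posted as name[]=... is an array
            return null;
        }
    }
    $name = trim($post['name']);
    if ($name === '' || strlen($name) > 100) {
        return null;
    }
    $email = filter_var($post['email'], FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }
    // "20" passes; "20.5" and "20abc" do not.
    if (!is_numeric($post['age']) || (int) $post['age'] != $post['age']) {
        return null;
    }
    $age = (int) $post['age'];
    if ($age < 0 || $age > 150) {
        return null;
    }
    return ['name' => $name, 'email' => $email, 'age' => $age];
}

// Constructed sample requests standing in for $_POST.
$allowed = ['name', 'email', 'age'];
$good    = ['name' => 'Ana', 'email' => 'ana@example.com', 'age' => '20'];
$extra   = ['name' => 'Ana', 'email' => 'ana@example.com', 'age' => '20', 'admin' => '1'];
$badAge  = ['name' => 'Ana', 'email' => 'ana@example.com', 'age' => '20abc'];

var_dump(is_expected_form($allowed, $good));   // the expected set of fields
var_dump(is_expected_form($allowed, $extra));  // an unexpected 'admin' field was added
var_dump(validate_types($good));               // cleaned values, age cast to int
var_dump(validate_types($badAge));             // age is not numeric
```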




JavaScript Form Validation






JavaScript is not a true security measure in itself, but rather an added
level of security and a convenience to your users. Because JavaScript is a
client-side technology (whereas PHP is server-side), incorporating it into
your pages can save users the hassle of having to send the form data back to
the server before seeing if there are problems.

Instead, you can use JavaScript to immediately run through some tests and
then, if the data passes, send the form information along to PHP.









Step 2
Create a JavaScript section and begin a function.





Step 3
Validate that the user entered a name.





Step 4
Repeat the process for the email address and the URL.




Step 5
Validate that a URL category was selected.





Step 7
Complete the HTML head, begin the body, and start the form.





Alternatively, you can check for empty fields by seeing if their length —
the number of characters entered — is less than or equal to 0. The code
would be:




Database Security and Encryption






Encryption
MySQL has several encryption and decryption functions built into the
software. You should be familiar with the SHA() function, which is often used
to protect passwords stored in a database by hashing them one way. Another
function, ENCRYPT(), is like SHA() in that it turns a string into an
irreversible value but differs in that you can add a salt parameter to help
randomize the result.




Both the SHA() and ENCRYPT() functions produce a one-way value that
cannot be decrypted. This is a great safety feature because it means that
stored information cannot be retrieved in readable form.




If you require data to be stored in an encrypted form that can be decrypted,
you'll need to use either ENCODE() and DECODE() or AES_ENCRYPT()
and AES_DECRYPT(). These functions also take a salt argument, which
helps to randomize the encryption.





While using ENCODE() and DECODE() can add a level of security to
your Web applications by encrypting and decrypting sensitive data, there's
still room for improvement. For starters, the AES_ENCRYPT() function is a
more secure option and is recommended if you are using MySQL 4.0.2 or
later. Its syntax is the same as that of the ENCODE() function:
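Storing a field with AES_ENCRYPT() and reading it back with AES_DECRYPT() from PHP, as an added example that is not code from the original slides. It assumes PHP 7 or later with PDO, MySQL 4.0.2 or later, a placeholder customers table with a VARBINARY card_number column, and that the key is supplied through an APP_AES_KEY environment variable (a hypothetical name).

```php
<?php
// Added example, not code from the slides. Assumed placeholder schema:
//   CREATE TABLE customers (id INT AUTO_INCREMENT PRIMARY KEY,
//                           name VARCHAR(100), card_number VARBINARY(64));
// VARBINARY rather than VARCHAR: AES_ENCRYPT() returns raw bytes, and a text
// column with a character-set conversion can silently corrupt them.

/** The key (the second AES_ENCRYPT() argument) is read from the environment. */
function encryption_key(): string
{
    $key = getenv('APP_AES_KEY');   // hypothetical variable name
    if ($key === false || $key === '') {
        throw new RuntimeException('APP_AES_KEY is not set');
    }
    return $key;
}

/** Encrypt on the way in: plaintext and key are bound parameters, not SQL literals. */
function store_card(PDO $db, string $name, string $card): int
{
    $stmt = $db->prepare(
        'INSERT INTO customers (name, card_number) VALUES (?, AES_ENCRYPT(?, ?))'
    );
    $stmt->execute([$name, $card, encryption_key()]);
    return (int) $db->lastInsertId();
}

/** Decrypt on the way out. AES_DECRYPT() yields NULL when the key is wrong. */
function fetch_card(PDO $db, int $id): ?string
{
    $stmt = $db->prepare(
        'SELECT AES_DECRYPT(card_number, ?) AS card FROM customers WHERE id = ?'
    );
    $stmt->execute([encryption_key(), $id]);
    $card = $stmt->fetchColumn();            // false when no such row
    return ($card === false || $card === null) ? null : $card;
}

$db = new PDO('mysql:host=localhost;dbname=app', 'user', 'pass', [  // placeholder DSN
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

$id   = store_card($db, 'Ana', '4111111111111111');   // constructed sample value
$card = fetch_card($db, $id);
echo $card === null ? "Could not decrypt (wrong key or missing row)\n"
                    : "Decrypted: {$card}\n";
```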




End



Web application security
