Web application security

Preventing Multiple Submissions

PHP Programming
More Secure Form Validation

The golden rule of validating any data received by a PHP page is to
assume that it's invalid until it passes the right tests indicating
otherwise. At a bare minimum, you should:

- Use the superglobals (e.g., $_POST['name']) rather than the
  registered globals ($name).
- Check text, password, and text area form inputs for values using
  empty().
- Check other form inputs for values using isset().

A better way to validate data is to see if it conforms to a certain type
(like an integer). An even more exacting method of form validation
requires the use of regular expressions. You can also use JavaScript to
perform basic validation on the client (within the Web browser) before
the data is sent to the server.
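The three minimum checks and the two stricter ones (type conformance and a regular expression) applied to one form, as an added example that is not code from the slides. The form fields (name, age, email, terms), the messages and the sample submissions are constructed for the example, and $input stands in for $_POST so the function can be exercised from the command line.

```php
<?php
// Added example (not from the slides): minimal server-side validation of a
// constructed registration form with the fields name, age, email and terms.
// $input stands in for $_POST so the function can be exercised from the CLI.
declare(strict_types=1);

function validate_registration(array $input): array
{
    $errors = [];

    // Text inputs: a missing field and an empty string are both failures,
    // so empty() is the right test. is_string() guards against name[] arrays.
    if (empty($input['name']) || !is_string($input['name'])) {
        $errors['name'] = 'Please enter your name.';
    } elseif (!preg_match('/^[\p{L} \'\-]{1,60}$/u', $input['name'])) {
        // Regular expression: letters, spaces, apostrophes and hyphens only.
        $errors['name'] = 'Name contains unexpected characters.';
    }

    // Type conformance: every $_POST value arrives as a string, so test that
    // the string represents an integer in range rather than its PHP type.
    $age = filter_var($input['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors['age'] = 'Age must be a whole number between 13 and 120.';
    }

    if (empty($input['email']) || !is_string($input['email'])
        || filter_var($input['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid email address.';
    }

    // Checkbox: the browser omits it entirely when unchecked, so isset() is
    // the right test (its value is whatever the form's value attribute says).
    if (!isset($input['terms'])) {
        $errors['terms'] = 'You must accept the terms.';
    }

    return $errors;
}

// Constructed sample submissions: one valid, one failing every check.
$good = ['name' => "Mary O'Neil", 'age' => '34',
         'email' => 'mary@example.com', 'terms' => 'yes'];
$bad  = ['name' => '<script>', 'age' => '12abc', 'email' => 'not-an-email'];

echo 'Valid submission has errors: ', var_export(validate_registration($good) !== [], true), "\n";
print_r(validate_registration($bad));
```

The function returns the error list instead of echoing it, so the same check can back both a page that re-displays the form and an API that returns JSON; the caller decides what to do with the list. Note that an empty error list only says the values have the expected shape; it does not make them safe to put into SQL or HTML without prepared statements and output escaping.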

A common question I see is how to prevent someone from submitting the
same form multiple times. Whether a user submits a form repeatedly by
accident or on purpose, such occurrences can be a minor nuisance or a
major problem for your Web site. There are many different ways to
prevent multiple submissions, and I'll discuss two options here.
First, if you are already using sessions, an easy solution is to create a
session variable indicating whether a specific form has been submitted or
not.

The premise is this: a generated identifier will be stored in the HTML form
(as a hidden input). This value will be inserted into the database along with
the other submitted information. To prevent repeated submissions, this
identifier can be stored in the database only once. A user wishing to submit
the form again will have to reload the HTML form so that another unique
identifier is created.
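Both options described above (the session flag and the one-time identifier stored only once in the database), as an added example that is not code from the slides. It assumes PDO with the SQLite driver so that it runs offline against an in-memory database; a MySQL table would use the same UNIQUE index and raise the same SQLSTATE. $session stands in for $_SESSION so the code can run from the command line, and the table, field names and sample values are constructed.

```php
<?php
// Added example (not from the slides): two ways to stop a repeated submission.
// Assumes PDO with the SQLite driver (in memory, so the example runs offline);
// $session stands in for $_SESSION so the code can run from the CLI.
declare(strict_types=1);

// Option 1: remember in the session that this form was already handled.
function process_once(array &$session, string $formName, callable $process): bool
{
    if (!empty($session['submitted'][$formName])) {
        return false;                         // repeat submission, ignored
    }
    $process();
    $session['submitted'][$formName] = true;  // set only after success
    return true;
}

// Option 2: a random identifier carried in a hidden input and stored once.
function new_form_id(): string
{
    // 128 bits from the CSPRNG, so one user cannot guess another's identifier.
    return bin2hex(random_bytes(16));
}

function hidden_input(string $formId): string
{
    return '<input type="hidden" name="form_id" value="'
        . htmlspecialchars($formId, ENT_QUOTES, 'UTF-8') . '">';
}

function store_submission(PDO $db, string $formId, string $name): bool
{
    $stmt = $db->prepare('INSERT INTO submissions (form_id, name) VALUES (:id, :name)');
    try {
        $stmt->execute([':id' => $formId, ':name' => $name]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000: integrity constraint violation, i.e. form_id already
        // stored. Let the database enforce "only once" rather than a SELECT
        // followed by an INSERT, which two concurrent requests could both pass.
        if ((string) $e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
}

// Demonstration with constructed data.
$session = [];
$count = 0;
process_once($session, 'contact', function () use (&$count) { $count++; });
process_once($session, 'contact', function () use (&$count) { $count++; });
echo "Session flag: form processed {$count} time(s)\n";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE submissions (
    id INTEGER PRIMARY KEY, form_id TEXT NOT NULL UNIQUE, name TEXT NOT NULL)');

$formId = new_form_id();
echo hidden_input($formId), "\n";
$first  = store_submission($db, $formId, 'Mary');
$second = store_submission($db, $formId, 'Mary');
echo 'Stored first: ', var_export($first, true),
     ', second: ', var_export($second, true), "\n";
```

The session flag is set only after the processing succeeds, so a failed first attempt can still be retried. For the identifier approach the UNIQUE index is what makes the guarantee hold under load: a check-then-insert in PHP leaves a window in which two requests carrying the same hidden value both pass the check.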




Validating the Right Form

Step 2
After the initial PHP tag, define what form inputs are expected.

Step 3
Assign the received variable names to a new array.

Step 4
Create a conditional that checks if the two arrays are the same.

Step 5
After the mysql_close() line, complete the $allowed == $received
conditional.
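Steps 2 to 5 as one standalone check, added here as an example and not code from the slides. The field names ($allowed) and the four sample submissions are constructed; $post stands in for $_POST.

```php
<?php
// Added example (not from the slides): compare the expected input names with
// the ones actually received. $post stands in for $_POST; the field names are
// constructed for the example.
declare(strict_types=1);

function is_expected_form(array $allowed, array $post): bool
{
    $received = array_keys($post);
    // == on two lists compares index => value pairs, so the same names in a
    // different order would compare unequal; sort both so only the set of
    // names matters, not the order the browser sent them in.
    sort($allowed);
    sort($received);
    return $allowed == $received;
}

// Step 2: the inputs our form contains (constructed).
$allowed = ['title', 'url', 'category', 'submit'];

$fromOurForm  = ['title' => 'PHP docs', 'url' => 'https://www.php.net/',
                 'category' => '3', 'submit' => 'Add'];
$reordered    = ['submit' => 'Add', 'category' => '3',
                 'url' => 'https://www.php.net/', 'title' => 'PHP docs'];
$extraField   = $fromOurForm + ['is_admin' => '1'];     // a field we never asked for
$missingField = ['title' => 'PHP docs', 'url' => 'https://www.php.net/'];

foreach (['own form' => $fromOurForm, 'reordered' => $reordered,
          'extra field' => $extraField, 'missing field' => $missingField] as $label => $post) {
    echo str_pad($label, 15), is_expected_form($allowed, $post) ? 'accepted' : 'rejected', "\n";
}
```

Rejecting a submission with an unexpected field is the useful part of this check: code that later loops over $_POST and writes every key to a table would otherwise accept whatever extra columns a hand-built request supplies. Log the rejected set of names; a burst of submissions that do not match any of your forms is worth looking at.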





Validating Data

   For the most part, form validation is rather minimal, often just
   checking if a variable has any value at all. In many situations, this
   really is the best you can do.




PHP supports many types of data: strings, numbers (integers and floats),
arrays, and so on. For each of these, there's a specific function that checks if a
variable is of that type. You may already be familiar with the is_numeric()
function, and is_array() is great for confirming a variable's type before
attempting to use it in a foreach loop.
 Function                  Checks For
 is_array()                Arrays
 is_bool()                 Booleans (TRUE, FALSE)
 is_float()                Floating-point numbers
 is_int()                  Integers
 is_null()                 NULLs
 is_numeric()              Numeric values, even as a string (e.g., "20")
 is_resource()             Resources, like a database connection
 is_scalar()               Scalar (single-valued) variables
 is_string()               Strings




Step 3
Cast all the variables to a specific type.
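The type tests from the table and the casting in Step 3, run over values as they arrive from a form, as an added example that is not code from the slides. $post stands in for $_POST, and the field names and values are constructed.

```php
<?php
// Added example (not from the slides): which is_*() tests fire on form values,
// and what casting does to them. $post stands in for $_POST; fields and values
// are constructed for the example.
declare(strict_types=1);

function describe(mixed $value): string
{
    $checks = ['is_int', 'is_float', 'is_numeric', 'is_string', 'is_array', 'is_bool', 'is_null'];
    $hits = array_filter($checks, fn (string $fn): bool => $fn($value));
    return implode(', ', $hits) ?: '(none)';
}

// Every form value arrives as a string (or an array for name[] inputs), so
// is_int() is false even for "42"; is_numeric() is the test for "looks like
// a number", and a cast is what actually turns it into one.
$post = ['quantity' => '42', 'price' => '9.95', 'note' => 'hi',
         'ids' => ['1', '2'], 'bad' => '12abc'];
foreach ($post as $field => $value) {
    printf("%-9s %s\n", $field, describe($value));
}

// Step 3: cast to the type the rest of the script expects.
$quantity = (int) $post['quantity'];
$price    = (float) $post['price'];
$ids      = array_map('intval', $post['ids']);   // one cast per element

// Caveat: a cast never fails. A leading-numeric string yields its leading
// number and a non-numeric string yields 0, so "12abc" becomes a quantity
// rather than an error. When "not a number" must be rejected, validate with
// filter_var() first and cast only what passed.
$checked = filter_var($post['bad'], FILTER_VALIDATE_INT);
echo 'cast: ', (int) $post['bad'], ', validated: ', var_export($checked, true), "\n";
```

Casting is the right tool once a value has been validated: an (int) applied to something that goes into a numeric SQL column or an array index removes any chance of it carrying anything but digits. It is not a substitute for validation, because it silently converts garbage to a plausible number.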




JavaScript Form Validation

JavaScript is not a true security measure in itself, but rather an added
level of security and a convenience to your users. Because JavaScript is a
client-side technology (whereas PHP is server-side), incorporating it into
your pages can save users the hassle of having to send the form data back
to the server before seeing if there are problems.

Instead, you can use JavaScript to immediately run through some tests and
then, if the data passes, send the form information along to PHP.




Pengaturcaraan PHP




Step 2
Create a JavaScript section and begin a function.

Step 3
Validate that the user entered a name.

Step 4
Repeat the process for the email address and the URL.

Step 5
Validate that a URL category was selected.

Step 7
Complete the HTML head, begin the body, and start the form.





Alternatively, you can check for empty fields by seeing if their length —
the number of characters entered — is less than or equal to 0. The code
would be:





Database Security and Encryption

Encryption
MySQL has several encryption and decryption functions built into the
software. You should be familiar with the SHA() function, which is often used
to encrypt passwords stored in a database. Another function, ENCRYPT(),
is like SHA() in that it encrypts a string but differs in that you can add a salt
parameter to help randomize the encryption process.




Both the SHA() and ENCRYPT() functions create an encrypted string that
cannot be decrypted. This is a great safety feature because it means that
stored information cannot be retrieved in readable form.




If you require data to be stored in an encrypted form that can be decrypted,
you'll need to use either ENCODE() and DECODE() or AES_ENCRYPT()
and AES_DECRYPT(). These functions also take a salt argument, which
helps to randomize the encryption.





While using ENCODE() and DECODE() can add a level of security to
your Web applications by encrypting and decrypting sensitive data, there's
still room for improvement. For starters, the AES_ENCRYPT() function is a
more secure option and is recommended if you are using MySQL 4.0.2 or
later. Its syntax is the same as that of the ENCODE() function:
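The MySQL functions from this section called from PHP through prepared statements, as an added example that is not code from the slides. It assumes a MySQL PDO connection (the DSN and credentials are placeholders) and a constructed table users(id, username, pw_hash, ssn_enc BLOB); the key source and sample values are constructed too. Two facts worth keeping in mind alongside the slides: SHA() is a one-way hash rather than reversible encryption, which is exactly why it suits passwords and why the result "cannot be decrypted"; and ENCODE(), DECODE() and ENCRYPT() were removed in MySQL 8.0, so AES_ENCRYPT()/AES_DECRYPT() is the only one of these options still available on current servers.

```php
<?php
// Added example (not from the slides): SHA() and AES_ENCRYPT()/AES_DECRYPT()
// used from PHP with bound parameters. Assumes a MySQL PDO connection and
// a table users(id, username, pw_hash, ssn_enc BLOB); DSN, credentials, key
// source and sample values are placeholders constructed for the example.
declare(strict_types=1);

function store_user(PDO $db, string $username, string $password, string $ssn, string $key): void
{
    // SHA(): one-way, so only a hash of the password is stored.
    // AES_ENCRYPT(): reversible with the same key. Both the secret and the
    // key are bound as parameters, never concatenated into the SQL string.
    $stmt = $db->prepare(
        'INSERT INTO users (username, pw_hash, ssn_enc)
         VALUES (:u, SHA(:p), AES_ENCRYPT(:ssn, :key))'
    );
    $stmt->execute([':u' => $username, ':p' => $password, ':ssn' => $ssn, ':key' => $key]);
}

function check_login(PDO $db, string $username, string $password): bool
{
    // Hash what the user typed the same way and compare in the database.
    $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE username = :u AND pw_hash = SHA(:p)');
    $stmt->execute([':u' => $username, ':p' => $password]);
    return (int) $stmt->fetchColumn() === 1;
}

function read_ssn(PDO $db, int $id, string $key): ?string
{
    // AES_DECRYPT() returns NULL when the key is wrong or the data is damaged,
    // so a null here means "could not decrypt", not "empty value".
    $stmt = $db->prepare('SELECT AES_DECRYPT(ssn_enc, :key) FROM users WHERE id = :id');
    $stmt->execute([':key' => $key, ':id' => $id]);
    $value = $stmt->fetchColumn();
    return ($value === null || $value === false) ? null : $value;
}

// Usage with placeholder DSN and credentials. The key belongs in configuration
// outside the web root or in a secrets store, never in the same database as
// the ciphertext; APP_AES_KEY is an assumed environment variable.
$db  = new PDO('mysql:host=localhost;dbname=example', 'app', 'app-password',
               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$key = getenv('APP_AES_KEY') ?: 'placeholder-key-replace-me';

store_user($db, 'mary', 'correct horse battery staple', '123-45-6789', $key);
var_dump(check_login($db, 'mary', 'correct horse battery staple'));
var_dump(read_ssn($db, (int) $db->lastInsertId(), $key));
```

Two caveats a practitioner would add today. Because the key is passed to the server as a query parameter, it appears in the general query log and on the wire if the connection is not TLS-protected, which is one reason to prefer encrypting in PHP before the value reaches MySQL. And an unsalted SHA() hash is no longer adequate password storage: PHP's password_hash() and password_verify() give a salted, slow hash with the same "cannot be decrypted" property the slides describe.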




End


