I know how to build a multi-page form where the information is stored in hidden fields and I also know how to store the data in a session. However, I heard neither of these are secure.
Is there a better way? Like encrypting the information or something?
Thanks!
1. You can put your form in a directory secured by a SSL certificate, which will encrypt data passed back and forth
2. The first part of your form may not require special security. Notice that most ecommerce system save the most sensitive info for last.
3. NEVER use the mysql database extension. Use mysqli or PDO with bound parameters.
4. When posting data, do not use <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" />
5. Validate and sanitize all data going into the database or passed from one stage of the form to another
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
AdChoices