cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

How do you secure a multi-page php form?

Drymetal
Contributor ,
Jan 13, 2013 Jan 13, 2013

Copy link to clipboard

Copied

I know how to build a multi-page form where the information is stored in hidden fields and I also know how to store the data in a session.  However, I heard neither of these are secure.

Is there a better way?  Like encrypting the information or something?

Thanks!

TOPICS
Server side applications

Views

935

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

rhecker3
Explorer , Jan 14, 2013 Jan 14, 2013

1. You can put your form in a directory secured by a SSL certificate, which will encrypt data passed back and forth

2. The first part of your form may not require special security. Notice that most ecommerce system save the most sensitive info for last.

3. NEVER use the mysql database extension. Use mysqli or PDO with bound parameters.

4. When posting data, do not use <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" />

5. Validate and sanitize all data going into the database or pas

...

Votes

Translate

Translate
replies 1 Reply 1
latest latest Jump to latest reply
rhecker3
Explorer ,
Jan 14, 2013 Jan 14, 2013

Copy link to clipboard

Copied

LATEST

1. You can put your form in a directory secured by a SSL certificate, which will encrypt data passed back and forth

2. The first part of your form may not require special security. Notice that most ecommerce system save the most sensitive info for last.

3. NEVER use the mysql database extension. Use mysqli or PDO with bound parameters.

4. When posting data, do not use <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" />

5. Validate and sanitize all data going into the database or passed from one stage of the form to another

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Copyright © 2024 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices