
Django 1.0 Web Site Development by Ayman Hourieh


A word on security

At the beginning of this chapter, we designed a web form that accepts user input, stores it in the database, and presents it to the visitors of the site. Since our application will be open to the public, anyone can register and submit whatever data they want. Therefore, we need to take certain precautions to handle the situation in which malicious data is supplied.

The golden rule in web development is "Do not trust user input, ever." You must always validate and sanitize user input before saving it to the database and presenting it in HTML pages. In this section, we will discuss how to achieve this and how to avoid two common vulnerabilities in web applications.

SQL injection

One of the most common attacks on web applications ...
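The rule from the previous section ("validate and sanitize user input before saving it to the database and presenting it in HTML pages") and the SQL injection topic introduced here can be made concrete without Django. The example below is added here and is not the book's code: it uses only the Python standard library (`sqlite3`, `re`, `html`) with a constructed in-memory `users` table, and the function names are my own. It shows why a query assembled by string formatting treats user input as SQL text, while a bound parameter keeps it as data (Django's ORM binds parameters for you in the same way), plus a whitelist check on the value before it is stored and HTML escaping before it is displayed.

```python
import html
import re
import sqlite3

# Constructed sample data standing in for the application's database.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """Anti-pattern: the input is spliced into the SQL text, so quotes and
    operators inside it change the meaning of the statement."""
    query = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Correct form: the input is passed as a bound parameter and the driver
    treats it purely as a value, whatever characters it contains."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def validate_username(username: str) -> bool:
    """Whitelist validation before storing: 3 to 30 characters from [a-z0-9_].
    Rejecting unexpected input early is independent of, and in addition to,
    parameterized queries."""
    return re.fullmatch(r"[a-z0-9_]{3,30}", username) is not None


def render_greeting(username: str) -> str:
    """Escape before embedding in HTML so a stored value cannot introduce markup
    or script into the page (Django's templates auto-escape the same way)."""
    return "<p>Hello, %s!</p>" % html.escape(username, quote=True)
```

Run with a value such as `x' OR '1'='1` and `find_user_unsafe` returns every row because the comparison has been rewritten, while `find_user_safe` returns nothing and `validate_username` rejects the value outright; the fix is always the bound parameter, never an attempt to strip quotes by hand.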
