Strategies for Validating User Input in PHP

We turn now to strategies for validating your users' input.

Secure PHP's Inputs by Turning Off Global Variables

The PHP language itself can be tweaked so as to add a bit of protection to your scripts. You control the behavior of the language (or at least those parts of it that are subject to independent control) by setting directives in php.ini, PHP's configuration file. In this section, we discuss one of PHP's environment settings that has an important influence on your scripts' vulnerability to user input—register_globals. The notorious register_globals directive was turned on by default in early versions of PHP. This was certainly a convenience to programmers, who took advantage of the fact that ...

Get Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.