Strategies for Validating User Input in PHP

We turn now to strategies for validating your users' input.

Secure PHP's Inputs by Turning Off Global Variables

The PHP language itself can be tweaked so as to add a bit of protection to your scripts. You control the behavior of the language (or at least those parts of it that are subject to independent control) by setting directives in php.ini, PHP's configuration file. In this section, we discuss one of PHP's environment settings that has an important influence on your scripts' vulnerability to user input—register_globals. The notorious register_globals directive was turned on by default in early versions of PHP. This was certainly a convenience to programmers, who took advantage of the fact that ...
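The following sketch is an added example, not code from the book. Because register_globals was removed in PHP 5.4, its effect is emulated with extract() on a constructed request array; the function names, the user names and the `admin` and `page` parameters are assumptions made for the illustration.

```php
<?php
// Emulates a script running with register_globals = On: every request
// parameter becomes a variable before the script's own logic runs.
function is_admin_with_globals(array $request, string $sessionUser): bool
{
    extract($request);                 // what register_globals did implicitly
    if ($sessionUser === 'alice') {    // the only intended way to become admin
        $admin = true;
    }
    // Defect: $admin is never initialized, so a request-supplied value survives.
    return !empty($admin);
}

// Hardened form: give every variable a known starting state and never let
// request data populate the variable scope.
function is_admin_explicit(array $request, string $sessionUser): bool
{
    $admin = false;
    if ($sessionUser === 'alice') {
        $admin = true;
    }
    return $admin;                     // request data cannot influence this
}

// Reads one expected parameter from the explicit request array and accepts
// it only if it is an integer in the allowed range; otherwise falls back to 1.
function page_number(array $request): int
{
    $page = filter_var(
        $request['page'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000]]
    );
    return $page === false ? 1 : $page;
}

// Constructed sample request, as if the query string were ?admin=1&page=7
$request = ['admin' => '1', 'page' => '7'];

// Same forged request, same non-admin session user, two different outcomes.
var_dump(is_admin_with_globals($request, 'mallory'));
var_dump(is_admin_explicit($request, 'mallory'));

// Well-formed and malformed values for the one parameter the script expects.
var_dump(page_number($request));
var_dump(page_number(['page' => '7 OR 1=1']));
```

Running the file with the PHP CLI prints the four results in order, so the emulated register_globals behaviour can be compared directly with the explicit, validated reads.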

Get Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition now with the O’Reilly learning platform.
