Home > Backend Development > PHP Tutorial > Detailed explanation of php5 and mysql5 web development technology-6 Form-processing user input_PHP tutorial

Detailed explanation of php5 and mysql5 web development technology-6 Form-processing user input_PHP tutorial

WBOY
Release: 2016-07-14 10:09:18
Original
800 people have browsed it

Creating and processing forms is an important ability indicator for web developers. This chapter summarizes the key points.

1. The difference between GET and POST
The GET method does not support any characters other than ASCII characters and requires encoding operations (url_encode(), url_decode()), which some browsers can complete automatically.
2. Form elements
Just remember a dozen commonly used ones and won’t describe them for now.
3. Check the submission source
Source: $ref = $_SERVER['HTTP_REFERER']
Server address: $srv = {$_SERVER['SERVER_NAME']} {$_SERVER['PHP_SELF']}
if( strcmp($ref,$srv) == 0 ) safe
4. Pass data through multiple pages
Three options:
Form hidden elements
Data is saved in session
Data is saved in the database
5. Verify form data
Don’t expect users to enter data according to our wishes, we need to verify it on the client and server sides.
Avoid multiple form submissions:
 (1) Client js
(2)cookie
          (3)session
(4)Header() function turns to
Processing of form expiration (to avoid data loss on the return page after incorrect submission)
6. Form security
Prevent XSS attacks: www.2cto.com
htmlspecialchars() First do html encoding for ‘ “ < > &
htmlentitles() Converts any html hypertext entity, mainly filtering the output (filtering js script tags)
strip _tags() removes any html code
Whenever the permission level changes, use session_regenerate_id () to change the sessionid.
Prevent sql injection:
mysql_escape_sstring()
mysql_real_escape_sstring()
7. Develop secure code
User input validation
Advanced validation ctype
Data filtering - pecl filter extension
input_get()
File path detection
Magic quote magic_quote_gpc , this method is not recommended

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/477698.htmlTechArticleCreating and processing forms is an important ability indicator for web developers. This chapter summarizes the key points. 1. The difference between GET and POST. The GET method does not support any characters other than ASCII characters and requires encoding operations...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template