how to make sending POST safe!

hello
NIMA 3w ago
i've just been doing php for a few weeks and i want to know how i can make sending input values with POST safer and stronger, to avoid hackers hacking the database and .... i use preg_match and mysqli_real_escape_string and validate all input but i still don't know if it's safe or not
ἔρως 3w ago
we can't tell you
it's impossible to answer
NIMA 3w ago
🤔
ἔρως 3w ago
what you're asking is an unsolved problem
"given any program, tell me if it's safe"
that's what you're asking
NIMA 3w ago
ye i know but what is the best thing to avoid it for now
ἔρως 3w ago
if you want a review on a piece of code, then that's different
a lot of things
like, an almost uncountable list of things
one thing i can tell you for sure: never trust any user input
seriously, without seeing some code, nobody can answer that
just so you know, there are situations in which mysqli_real_escape_string is unsafe
NIMA 3w ago
ohhh so this is not good for avoiding sql injection
ἔρως 3w ago
i can't answer that
NIMA 3w ago
is there anywhere u know i can read more about this stuff?
13eck 3w ago
Simple answer: you can’t
Complex answer: there’s an entire field devoted to security
Mid-tier answer: there are a few things you can do to be safer
ἔρως 3w ago
the php documentation warns about some things to avoid, but without seeing your code, nobody can say anything for sure
13eck 3w ago
Input validation and string sanitation are two of the lower-hanging fruits.
As epic said: never trust user input
But really, this ☝️
If you have specific code you have questions about we can help more than generalities
ἔρως 3w ago
and you have to make sure that what goes out is safe, not just what goes into the database
13eck 3w ago
You can start with the OWASP Top 10 critical issues facing developers. Then move on to their cheatsheets series for more in-depth info about specific topics.
NIMA 3w ago
big tnx