To prevent hackers in PHP

I was attracted to dynamic web languages like PHP and, later on, ASP.NET for the sake of their interactivity.

To do that, user input is extremely important. Basically, it’s done by taking the user’s input through text boxes; after that, a click on a button posts that text to the server to do the rest of the tricks.

But a thin line exists between a good user and a bad user. Someone might try to inject malicious code through the text boxes to the server, and that would ultimately attack the data bank of the site.

What can be done?

In ASP.NET, it’s done differently.

In PHP, today I found the strip_tags() function, which can do the magic.

Let me see the pages first, how it looks:

We tried to inject <b></b> code but the result comes out as:

Now the code part:

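    <?php

    handle_data();

    // Echo the submitted name with any HTML/PHP tags removed.
    function handle_data()
    {
        echo "Your name is : ";
        // strip_tags() removes tags from the value; use "" if the field is absent
        $text = strip_tags($_REQUEST["name"] ?? "");
        echo $text;
    }

    ?>

I did not mention the HTML part as it was quite evident; the input was taken from the textbox.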
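The following is an added example, not code from the original post: it runs strip_tags() and htmlspecialchars() side by side on constructed inputs to show what each does to a value echoed into a page. The helper names encode_for_html() and read_name() and the sample strings are assumptions made for illustration.

```php
<?php
// Added example: strip_tags() removes markup, while htmlspecialchars() encodes
// it so the browser displays it as text. Encoding at output time is the
// standard defence for values echoed into an HTML page.

/** Encode a value for HTML text and quoted-attribute contexts. */
function encode_for_html(string $value): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Read the "name" field as the post does, but accept only strings. */
function read_name(array $request): string
{
    $name = $request['name'] ?? '';
    // A parameter sent as name[]=x arrives as an array, and strip_tags()
    // expects a string, so anything else is treated as empty.
    return is_string($name) ? trim($name) : '';
}

// Constructed sample inputs standing in for $_REQUEST.
$samples = [
    ['name' => '<b>Alice</b>'],          // the markup tried in the post
    ['name' => 'Tom & "Jerry"'],         // strip_tags() leaves & and " unencoded
    ['name' => 'x <y and z> w'],         // plain text that looks like a tag is dropped
    ['name' => ['not', 'a', 'string']],  // array instead of a string
];

foreach ($samples as $request) {
    $name = read_name($request);
    printf("input:            %s\n", $name);
    printf("strip_tags:       %s\n", strip_tags($name));
    printf("htmlspecialchars: %s\n\n", encode_for_html($name));
}
```

Run it from the command line to compare the two outputs. strip_tags() only affects HTML output; values that go into a database query still need prepared statements.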