Creating and processing forms is a core skill for web developers. This chapter summarizes the key points.
1. The difference between GET and POST
GET sends the form data in the URL query string, so it is visible in the address bar, browser history, proxy and server logs, and its length is limited by browsers and servers; POST sends the data in the request body. In both cases non-ASCII and reserved characters must be percent-encoded (urlencode() / urldecode() in PHP); browsers do this automatically when they submit a form. Use POST for submissions that change state or carry sensitive data, and GET only for idempotent lookups.
2. Form elements
Just remember the dozen or so commonly used elements; they are not described here.
3. Check the submission source
The check compares the Referer header with the server's own name and script path:
Source: $ref = $_SERVER['HTTP_REFERER']
Server address: $srv = $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF']
if (strcmp($ref, $srv) == 0) safe
Two caveats. As written the comparison never succeeds: HTTP_REFERER is a full URL (scheme://host/path?query), so it has to be parsed first (parse_url($ref, PHP_URL_HOST)) and the host part compared with SERVER_NAME. More importantly, Referer is supplied by the client: it is often absent (privacy settings, HTTPS to HTTP navigation, direct entry) and any non-browser client can set it to whatever it likes, so a matching Referer is at most a weak hint that the request came from your own form, never proof of it.
4. Pass data through multiple pages
Three options:
Form hidden elements (they travel through the client and can be edited there, so their values must be revalidated on every submission)
Data is saved in session
Data is saved in the database
5. Verify form data
Never assume users will enter data the way we want. Validate on the client for convenience (immediate feedback) and on the server for security: client-side checks run in the user's browser and can be bypassed or switched off, so only the server-side check counts.
Avoid duplicate form submissions:
(1) Client-side JavaScript (disable the submit button after the first click; usability only)
(2) Cookie
(3) Session (store a one-time token in the session and in a hidden field, and accept each token only once)
(4) header() redirect after a successful POST (Post/Redirect/Get), so that refreshing the result page does not resubmit the form
Handling the expired-form case (so the user's input is not lost when they return to the form after a failed submission): redisplay the form with the submitted values filled in instead of relying on the browser's back button.
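The following script is an added example, not code from the original article. It ties sections 3 to 5 together: a one-time token kept in the session and echoed in a hidden field (so the submission can be tied to a form this server rendered, and a second submission of the same form is rejected), the Referer host check with the URL parsed properly, and a header() redirect after the POST. It assumes PHP sessions are enabled and that the form posts back to the same script; the field names (token, name) and the flash message are illustrative choices.

```php
<?php
// Added example (not from the original article): one-time form token stored in
// the session, a Referer host check, and a Post/Redirect/Get flow.
// Assumes a working PHP session and that the form posts to this script.
session_start();

// Host part of the Referer, or null when the header is absent or unparsable.
function referer_host($referer): ?string
{
    if (!is_string($referer) || $referer === '') {
        return null;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) ? strtolower($host) : null;
}

// Issue a fresh random token for the next rendering of the form.
function issue_form_token(): string
{
    $token = bin2hex(random_bytes(16));
    $_SESSION['form_token'] = $token;
    return $token;
}

// Consume the token: it is valid exactly once, so a refresh or double click
// that replays the same POST is refused.
function consume_form_token($submitted): bool
{
    $expected = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']);
    return is_string($submitted) && is_string($expected)
        && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Referer is client-supplied: a mismatch is a reason to reject, but a
    // match (or its absence, which many browsers cause) proves nothing.
    $refHost = referer_host($_SERVER['HTTP_REFERER'] ?? null);
    if ($refHost !== null && $refHost !== strtolower($_SERVER['SERVER_NAME'])) {
        http_response_code(403);
        exit('Form was submitted from another site.');
    }
    if (!consume_form_token($_POST['token'] ?? null)) {
        http_response_code(400);
        exit('Missing, expired or already used form token.');
    }
    // ... validate and store the real fields here ...
    $_SESSION['flash'] = 'Saved: ' . ($_POST['name'] ?? '');
    // Post/Redirect/Get: the browser ends up on a GET page, so F5 cannot
    // resubmit the POST.
    header('Location: ' . $_SERVER['PHP_SELF'], true, 303);
    exit;
}

$flash = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);
$token = issue_form_token();
?>
<!DOCTYPE html>
<p><?= htmlspecialchars($flash, ENT_QUOTES, 'UTF-8') ?></p>
<form method="post" action="<?= htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') ?>">
  <input type="hidden" name="token" value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
  <input type="text" name="name">
  <button type="submit">Send</button>
</form>
```

hash_equals() is used for the token comparison so that the check does not leak timing information, and PHP_SELF is escaped where it is echoed because it reflects the request path.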
6. Form security
Prevent XSS attacks: encode data at the point where it is written into the page, and pass the quote flags and charset explicitly.
htmlspecialchars() encodes the characters that matter in HTML: & < > " and, with ENT_QUOTES, '. This is the right default for anything echoed into HTML; pass ENT_QUOTES explicitly so single quotes are covered on every PHP version.
htmlentities() additionally converts every character that has a named HTML entity. It is only needed when the output charset cannot represent those characters; it does not give more XSS protection than htmlspecialchars().
strip_tags() removes HTML tags from a string. It is a cleanup step for input you intend to keep as plain text, not a substitute for output encoding: when a tag is put on its allow-list its attributes, including event handlers, are kept.
Whenever the privilege level changes (for example right after a successful login), call session_regenerate_id(true) so the session id the browser held before authentication is not kept (session fixation).
Prevent SQL injection:
mysql_escape_string() (do not use: it ignores the connection charset)
mysql_real_escape_string()
Both belong to the old mysql extension, which was removed in PHP 7. With mysqli or PDO use prepared statements with bound parameters, which keep data out of the SQL text entirely instead of escaping it.
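An added example (not from the original article) showing the three encoding functions on one constructed payload, and a PDO prepared statement as the replacement for mysql_real_escape_string(). It uses an in-memory SQLite database so it runs offline; the table, rows and the attacker string are constructed for the demonstration.

```php
<?php
// Added example (not from the original article). Output encoding for the XSS
// part, and a PDO prepared statement (SQLite in memory, so no server is needed)
// in place of mysql_real_escape_string() for the SQL injection part.

// Constructed attacker-style input: a tag with an event handler plus both
// quote kinds and an ampersand.
$payload = '<img src=x onerror="alert(\'xss\')"> & "double" & \'single\'';

function encode_for_html(string $s): string
{
    // ENT_QUOTES: encode both quote kinds. ENT_SUBSTITUTE: replace invalid
    // UTF-8 instead of returning an empty string. Always name the charset.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

echo "htmlspecialchars: ", encode_for_html($payload), "\n";
echo "htmlentities:     ", htmlentities($payload, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "\n";
// strip_tags() with an allow-list keeps the allowed tag together with its
// attributes, so the onerror handler survives. That is why it is not an XSS
// defence on its own.
echo "strip_tags:       ", strip_tags($payload, '<img>'), "\n";

// --- SQL injection ------------------------------------------------------
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users VALUES ('alice', 'admin'), ('bob', 'user')");

// Classic injection string: closes the quoted literal, adds a tautology and
// comments out the rest of the statement.
$username = "' OR 1=1 --";

// Vulnerable: string concatenation. The WHERE clause becomes
// name = '' OR 1=1 --', which matches every row.
$unsafe = $pdo->query("SELECT name FROM users WHERE name = '$username'")
              ->fetchAll(PDO::FETCH_COLUMN);
echo "concatenated query matched ", count($unsafe), " row(s)\n";

// Safe: the value is bound as data and never parsed as SQL, so the query
// looks for a user literally named "' OR 1=1 --" and finds none.
$stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
$stmt->execute([':name' => $username]);
$safe = $stmt->fetchAll(PDO::FETCH_COLUMN);
echo "prepared statement matched ", count($safe), " row(s)\n";
```

Escaping and prepared statements differ in kind: escaping tries to make the data survive being parsed as SQL, while a bound parameter is never parsed as SQL at all, which is why it also does not depend on the connection charset.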
7. Develop secure code
User input validation: check the type, length and format of every field on the server, against an allow-list of what is acceptable wherever possible.
Advanced validation: the ctype functions (ctype_digit(), ctype_alpha(), ctype_alnum(), ...) test whether a whole string belongs to one character class.
Data filtering: the filter extension (originally a PECL extension, part of PHP core since 5.2). filter_input() reads and validates a request variable in one step; filter_var() does the same for a value you already hold.
File path checks: never build a filesystem path directly from user input. Resolve it with realpath() and confirm the result still lies inside the intended base directory, so that ../ sequences cannot escape it.
Magic quotes (magic_quotes_gpc): not recommended. It was deprecated in PHP 5.3 and removed in 5.4, and it was never a reliable defence, since it escaped everything blindly regardless of where the data ended up.
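An added example (not from the original article) of the validation techniques listed above: ctype_digit() for a numeric field, filter_var() with a validation filter for an e-mail address, and a realpath()-based containment check for a file name. The $input array stands in for $_POST and is constructed here; the temporary directory and the file in it are created only so the path check can be exercised offline.

```php
<?php
// Added example (not from the original article): server-side validation with
// the ctype functions and the filter extension, plus a path check with
// realpath(). $input is a constructed stand-in for $_POST.
$input = [
    'age'   => '42',
    'email' => 'alice@example.com',
    'file'  => '../../etc/passwd',   // constructed traversal attempt
];

// ctype_digit() accepts only a non-empty string consisting of 0-9 (no sign,
// no whitespace, no exponent), which is stricter than is_numeric() or a cast.
function valid_age($v): bool
{
    return is_string($v) && ctype_digit($v) && (int)$v <= 150;
}

// filter_var() with a validation filter returns the value or false.
// filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL) does the same
// straight from the request without touching $_POST.
function valid_email($v)
{
    return is_string($v) ? filter_var($v, FILTER_VALIDATE_EMAIL) : false;
}

// Resolve $name inside $base and refuse anything that ends up outside it.
function safe_path(string $base, string $name): ?string
{
    $baseReal = realpath($base);
    if ($baseReal === false) {
        return null;                       // base directory missing
    }
    $full = realpath($baseReal . DIRECTORY_SEPARATOR . $name);
    if ($full === false) {
        return null;                       // file does not exist
    }
    // Compare with a trailing separator so "/srv/files2" is not accepted as
    // being inside "/srv/files".
    if (strpos($full, $baseReal . DIRECTORY_SEPARATOR) !== 0) {
        return null;                       // escaped the base directory
    }
    return $full;
}

// Demo in a temporary directory created for this run.
$base = sys_get_temp_dir() . '/uploads_' . bin2hex(random_bytes(4));
mkdir($base);
file_put_contents($base . '/report.txt', 'ok');

var_dump(valid_age($input['age']));            // accepted
var_dump(valid_email($input['email']));        // accepted, value returned
var_dump(safe_path($base, 'report.txt'));      // accepted, resolved path
var_dump(safe_path($base, $input['file']));    // rejected: traversal

unlink($base . '/report.txt');
rmdir($base);
```

realpath() only resolves paths that exist, so the check is placed after the file is known and before it is opened; for names that must not exist yet (uploads), validate the name itself against an allow-list pattern such as [A-Za-z0-9_.-]+ instead.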
Source: http://www.bkjia.com/PHPjc/477698.html