About the Author

Chris Shiflett

Chris Shiflett is an author and speaker who leads the web application security practice at OmniTI.

Essential PHP Security: Forms and URLs

The sample chapter of Essential PHP Security for MySQL's Developer Zone is now available:

This chapter discusses form processing and the most common types of attacks that you need to be aware of when dealing with data from forms and URLs. You will learn about attacks such as cross-site scripting (XSS) and cross-site request forgeries (CSRF), as well as how to spoof forms and raw HTTP requests manually. By the end of the chapter, you will not only see examples of these attacks, but also what practices you can employ to help prevent them.

I hope you enjoy it. :-)

About This Post

Essential PHP Security: Forms and URLs was posted on Thu, 22 Dec 2005 at 14:10:01 GMT.

4 Comments

1. Cameron's GravatarCameron said:

Just got the book in the mail yesterday. I'm already a couple chapters in and it's looking pretty good so far. Two things I really appreciate about it is that it's not difficult to understand, and that it focuses more on concepts than very specific examples.

Sun, 25 Dec 2005 at 08:00:26 GMT Link

2. AlexGreen's GravatarAlexGreen said:

This chapter is the most important because scripts that get data from forms are most vulnarable. Understanding of secure forms data handling is the key to secure scripts.

Wed, 04 Jan 2006 at 08:04:59 GMT Link

3. James's GravatarJames said:

Hey this a really nice freebie... Thanks and keep up your great work!

Tue, 17 Jan 2006 at 09:04:47 GMT Link

4. Chris Shiflett's GravatarChris Shiflett said:

Thanks, James. Glad you appreciate it. :-)

Thu, 19 Jan 2006 at 17:49:31 GMT Link

Post A Comment

Personal Details and Comment

Style Guide

Line breaks are converted to paragraphs. Also use:

  • <a href="" title="">text</a>1
  • <em>text</em>
  • <blockquote><p>text</p></blockquote>
  • <code>2  <?php  if ($foo) {      $foo = TRUE;  }  ?></code>
  1. Note: <code> can be used inline (e.g. in paragraphs) or in a block as shown. Include whitespace and newlines in blocks.

Please enter Chris (my first name) below. This is a primitive spam prevention technique, and I apologize for the inconvenience.

Preview and Submit

Upcoming Talks

O'Reilly Open Source Convention

21 - 25 Jul 2008

At Oregon Convention Center, Portland, Oregon.

ZendCon

15 - 18 Sep 2008

In Santa Clara, California.

PHP Appalachia

11 - 14 Oct 2008

At Big Bear Lodge, Gatlinburg, Tennessee.

New Comments

Ash Searle wrote:

It might be worth changing your example code from using htmlentities to htmlspecialchars. Runn...

Posted in Allowing HTML and Preventing XSS
Chris Shiflett wrote:

Hi Steve, According to the NYT Manual of Style and Usage, it's push-up: Most but not all co...

Posted in Miscellaneous
steve wrote:

so, is it push up, pushup or push-up? just curious... --steve --www.hundredpushups.com

Posted in Miscellaneous
Walter Lawless wrote:

It's sad to think that even now, nearly 4 years after this was originally written, that there are...

Posted in
Asanka Dewage wrote:

I've been a Mac user for over a year now and I didn't know about the [say] command! What a nifty ...

Posted in Miscellaneous

Browse Comments