About the Author

Chris Shiflett

Hi, I'm Chris, a web developer and a founding member of Analog. I live and work in Brooklyn, NY.

Essential PHP Security: Forms and URLs

The sample chapter of Essential PHP Security for MySQL's Developer Zone is now available:

This chapter discusses form processing and the most common types of attacks that you need to be aware of when dealing with data from forms and URLs. You will learn about attacks such as cross-site scripting (XSS) and cross-site request forgeries (CSRF), as well as how to spoof forms and raw HTTP requests manually. By the end of the chapter, you will not only see examples of these attacks, but also what practices you can employ to help prevent them.

I hope you enjoy it. :-)

About This Post

Essential PHP Security: Forms and URLs was posted on Thu, 22 Dec 2005 at 14:10:01 GMT.

4 Comments

1. Cameron's GravatarCameron said:

Just got the book in the mail yesterday. I'm already a couple chapters in and it's looking pretty good so far. Two things I really appreciate about it is that it's not difficult to understand, and that it focuses more on concepts than very specific examples.

Sun, 25 Dec 2005 at 08:00:26 GMT Link

2. AlexGreen's GravatarAlexGreen said:

This chapter is the most important because scripts that get data from forms are most vulnarable. Understanding of secure forms data handling is the key to secure scripts.

Wed, 04 Jan 2006 at 08:04:59 GMT Link

3. James's GravatarJames said:

Hey this a really nice freebie... Thanks and keep up your great work!

Tue, 17 Jan 2006 at 09:04:47 GMT Link

4. Chris Shiflett's GravatarChris Shiflett said:

Thanks, James. Glad you appreciate it. :-)

Thu, 19 Jan 2006 at 17:49:31 GMT Link

Post A Comment

Personal Details and Comment

Style Guide

Line breaks are converted to paragraphs. Also use:

  • <a href="" title="">text</a>1
  • <em>text</em>
  • <blockquote><p>text</p></blockquote>
  • <code>2  <?php  if ($foo) {      $foo = TRUE;  }  ?></code>
  1. Note: <code> can be used inline (e.g. in paragraphs) or in a block as shown. Include whitespace and newlines in blocks.

Please enter Chris (my first name) below. This is a primitive spam prevention technique, and I apologize for the inconvenience.

Preview and Submit

Upcoming Events

Brooklyn Beta

21 - 22 Oct 2010

At The Invisible Dog, Brooklyn, New York.

New Comments

Mario Arroyo wrote:

The article is really very good and the users comments and external links to another articles jus...

Posted in
Raphael Almeida wrote:

I realy like hiphop music, but this is very crazy! We'll use it in user group PHP conference at ...

Posted in PHP Anthem
Mal wrote:

Having used smarty for many years, this has never been a problem for me, but after building a web...

Posted in PHP Stripping Newlines
Satya wrote:

Thanks for the info. I have posted the news here on my page: http://www.facebook.com/pages/Web-Sc...

Posted in PHP Anthem
John wrote:

Oh, you need to press "save your password".

Posted in Mozilla Account Manager

Browse Comments

Work and Books

Analog Essential PHP Security HTTP Developer's Handbook