About the Author

Chris Shiflett

Chris Shiflett is an author and speaker who leads the web application security practice at OmniTI.

Essential PHP Security: Forms and URLs

The sample chapter of Essential PHP Security for MySQL's Developer Zone is now available:

This chapter discusses form processing and the most common types of attacks that you need to be aware of when dealing with data from forms and URLs. You will learn about attacks such as cross-site scripting (XSS) and cross-site request forgeries (CSRF), as well as how to spoof forms and raw HTTP requests manually. By the end of the chapter, you will not only see examples of these attacks, but also what practices you can employ to help prevent them.

I hope you enjoy it. :-)

About This Post

Essential PHP Security: Forms and URLs was posted on Thu, 22 Dec 2005 at 14:10:01 GMT.

4 Comments

1. Cameron's GravatarCameron said:

Just got the book in the mail yesterday. I'm already a couple chapters in and it's looking pretty good so far. Two things I really appreciate about it is that it's not difficult to understand, and that it focuses more on concepts than very specific examples.

Sun, 25 Dec 2005 at 08:00:26 GMT Link

2. AlexGreen's GravatarAlexGreen said:

This chapter is the most important because scripts that get data from forms are most vulnarable. Understanding of secure forms data handling is the key to secure scripts.

Wed, 04 Jan 2006 at 08:04:59 GMT Link

3. James's GravatarJames said:

Hey this a really nice freebie... Thanks and keep up your great work!

Tue, 17 Jan 2006 at 09:04:47 GMT Link

4. Chris Shiflett's GravatarChris Shiflett said:

Thanks, James. Glad you appreciate it. :-)

Thu, 19 Jan 2006 at 17:49:31 GMT Link

Post A Comment

Personal Details and Comment

Style Guide

Line breaks are converted to paragraphs. Also use:

  • <a href="" title="">text</a>1
  • <em>text</em>
  • <blockquote><p>text</p></blockquote>
  • <code>2  <?php  if ($foo) {      $foo = TRUE;  }  ?></code>
  1. Note: <code> can be used inline (e.g. in paragraphs) or in a block as shown. Include whitespace and newlines in blocks.

Please enter Chris (my first name) below. This is a primitive spam prevention technique, and I apologize for the inconvenience.

Preview and Submit

Upcoming Talks

php|tek

19 - 22 May 2009

At Sheraton Gateway Suites Chicago O'Hare, Chicago, Illinois.

OSCON

20 - 24 Jul 2009

At San Jose McEnery Convention Center, San Jose, California.

New Comments

Ronald wrote:

A little hard for a rookie like me, but useful. I also thought you'd like to know there is a grea...

Posted in A rev="canonical" HTTP Header
Alex wrote:

Aren't you forgetting that the session will expire if _write() is never called? That excludes ...

Posted in
Andy Mabbett wrote:

@Chris Shiflett, #4, belatedly: Google only accepts rel=canonical within the same domain. My s...

Posted in A rev="canonical" HTTP Header
Kenneth Udut wrote:

I've implemented this rev="canonical" idea on http://free.naplesplus.us in the hopes that it catc...

Posted in Save the Internet with rev="canonical"
Mark wrote:

After reading your article and all the comments, what I got out of this was that sessions are not...

Posted in

Browse Comments