The basic security rule is "every piece of information that comes into or out of your application is not allowed except what you permit".
You need to check your code and find what parts handle query string values. Add more strict filters to define whether the values you're getting through the query string are true compared to what is in the database (or any other source) or not. If everything is true, then implement the rest of the code. If not, stop the code and switch the user to the error page.
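One way to apply this "deny everything except what you permit" rule to a query string, as an added example that is not part of the original answer: every parameter name must be on an allowlist, and every value must match what the application already knows (the sets below are constructed stand-ins for a database lookup); anything else stops processing and sends the user to the error page.

```python
from urllib.parse import parse_qs

# Constructed stand-ins for the values the database actually contains (assumption:
# a real application would load these from its data source).
KNOWN_CATEGORIES = {"books", "music", "video"}
KNOWN_PRODUCT_IDS = {1001, 1002, 1003}


def check_category(value):
    # Accept only a category that exists; anything else is rejected.
    return value if value in KNOWN_CATEGORIES else None


def check_product_id(value):
    # Accept only a plain decimal id that exists in the database.
    if not value.isdigit():
        return None
    product_id = int(value)
    return product_id if product_id in KNOWN_PRODUCT_IDS else None


# Allowlist of parameter names this page may receive, each with its validator.
ALLOWED_PARAMS = {"category": check_category, "id": check_product_id}


def validate_query_string(qs):
    """Return a dict of validated values, or None if anything is not permitted."""
    # keep_blank_values so "id=" is seen and rejected rather than silently dropped
    parsed = parse_qs(qs, keep_blank_values=True)
    clean = {}
    for name, values in parsed.items():
        if name not in ALLOWED_PARAMS:
            return None            # unknown parameter name: deny
        if len(values) != 1:
            return None            # repeated parameter (id=1&id=2): deny
        checked = ALLOWED_PARAMS[name](values[0])
        if checked is None:
            return None            # value not backed by the database: deny
        clean[name] = checked
    return clean


def handle_request(qs):
    """Stop and redirect to the error page unless every value checks out."""
    params = validate_query_string(qs)
    if params is None:
        return "redirect:/error"   # stop the code, switch the user to the error page
    return "render:product-list"   # only now run the rest of the page logic
```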