
avoid php hackers from forms

Moderator: Malcolm

avoid php hackers from forms

Postby john_zakaria on Wed Sep 29, 2010 11:14 am

Please, I want to know how to keep hackers from hacking my website using forms.

I wrote only this in the post:

Code:
htmlspecialchars($_POST['first_name']);


Notice that I did validation using JavaScript on my form,
but hackers can make an SQL statement to delete my DB or do any type of hacking.

But my question is: can the code htmlspecialchars prevent hacking from forms? Or how do I avoid it?

How do I stop hackers or keep them from hacking my website?
john_zakaria
50+ Club
 
Posts: 60
Joined: Sun Feb 08, 2009 7:29 am

Re: avoid php hackers from forms

Postby webmaster on Wed Sep 29, 2010 11:54 am

Does your form connect to a database, is it a mail form or what kind of script is behind it?
webmaster
Site Admin
 
Posts: 2695
Joined: Tue Aug 17, 2004 1:07 pm
Location: Sweden

Re: avoid php hackers from forms

Postby HotNoob on Wed Sep 29, 2010 2:50 pm

The HTML special characters converts all of the <, > and so on... characters into stuff like &gt; and &lt; so that they are not processed as HTML in a browser.

However, the main thing you should be concerned with is MySQL query injections. Depending on your PHP's configuration, you might not have a problem with it, but if you do, you will need to use functions like mysql_real_escape_string() to clean the string.

---
However, the best way to stop hackers is simply to add a captcha, because nowadays most hacks are done via crawl bots that try to hack various websites using what I like to call "Voob" hacking methods.

Since most bots can't get past a basic captcha, you should be fine; and I seriously doubt you will get even remotely enough traffic to attract a hacker to your website. As long as you don't use any content managers, then you should be fine.
Stuff like Joomla is relatively easy to hack into, although PHPBB3 for the most part is pretty difficult to get into.
HotNoob
100+ Club
 
Posts: 169
Joined: Sun May 02, 2010 1:38 am
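
The following is an added example, not code from any poster in this thread. It handles the `first_name` field at the three layers the thread touches on: server-side validation (JavaScript checks alone can be skipped), a bound SQL parameter, and `htmlspecialchars()` on output. It uses PDO prepared statements in place of `mysql_real_escape_string()`, since the old `mysql_*` functions were removed in PHP 7; the `users` table, the function names and the sample inputs are constructed for illustration, and the `pdo_sqlite` extension is assumed.

```php
<?php
// Added example; table, column and function names are hypothetical.
// Assumes the pdo_sqlite extension; with MySQL only the DSN changes.

// Server-side validation: JavaScript checks run in the browser and can be
// skipped, so the server must re-check every field it receives.
function validate_first_name(string $raw): ?string
{
    $name = trim($raw);
    // Letters (any script), spaces, apostrophes and hyphens, 1 to 50 chars.
    return preg_match("/^[\\p{L} '\\-]{1,50}$/u", $name) === 1 ? $name : null;
}

// SQL layer: the value travels as a bound parameter, never as part of the
// SQL text, so a quote inside it cannot change the statement.
function save_first_name(PDO $db, string $name): void
{
    $stmt = $db->prepare('INSERT INTO users (first_name) VALUES (:first_name)');
    $stmt->execute([':first_name' => $name]);
}

// HTML layer: encode when writing into a page, not when storing.
function render_first_name(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT NOT NULL)');

// Constructed sample inputs standing in for $_POST['first_name'].
$samples = ["O'Brien", "<b>Ann</b>", "Ann'; --"];

foreach ($samples as $raw) {
    $name = validate_first_name($raw);
    if ($name === null) {
        echo 'rejected: ', render_first_name($raw), PHP_EOL;
        continue;
    }
    save_first_name($db, $name);
    echo 'stored:   ', render_first_name($name), PHP_EOL;
}

// Count the rows that passed validation and were stored.
echo 'rows: ', $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), PHP_EOL;
```

The name with an apostrophe passes validation and is stored unchanged through the bound parameter; it is only HTML-encoded at the point where it is echoed.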

