Most of the website forms face security issues. Generally the user side faces the most of the issues. Hackers can easily crack through user side validation. This post will give you a clear picture of how to prevent website from server side and user side validation security issues.
Here are our top 5 tips to keep you and your website and forms safe.
- Form validation / Server side validation
- Disable the action button
- Sql injections
- Prevent Form Double Submit
Form validation / Server side validation
Validation must be carried out on both server and browser sides. Simple errors like failure in mandatory fields which have been left empty and when a text is entered in field which accepts number can be identified by the browser.
But if you want to bypass these you must check these validations and a deep validation over server side as if we fail to do so it may lead to bad code, Also it can cause insertion of scripting code into the database. These things can lead to unwanted results over the website.
For more information on the server and browser side validation check the links below:
Browser side form validation :
Server side form validation :
Server side validation most the form covered by the Login, and singup so follow below topic.
Captcha is a system to prevent robots and spammers from websites.This is used to prevent unnecessary form submission on a webpage.It is a challenge-response test which is used to determine weather you are a human.
Captch mainly uses registration form. There 2 types of captcha you can use.Below i have listed the method to create different types of captcha. Check the link for further information.
Disable the Action button
Write the script for actions buttons, Before submit the form check all the fields are validate are are then only allow to click the submit button. Use jquery to disable and enable the form script.
<html><head><script src="//code.jquery.com/jquery-1.11.0.min.js"></script><script src="http://ajax.aspnetcdn.com/ajax/jquery.validate/1.13.1/jquery.validate.min.js"></script></head><body><form id="user_form" method="post"><p><input type="text" class="required" name="firstname" /></p><p><input type="text" class="required" name="lastname" /></p><p><input type="email" class="required" name="email" /></p><p><input type="submit" name="send" class="submit_form" value="Submit"></p></form></body></html>
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. Now a days most of the MVC platforms are built with the sql injection. If you not familiar with the MVC Pattern try to use PDO and Mysqli avoiding mysql as it's deprecated.
I have posted topics related with PDO and mysqli basic function it will help you to get more information about the SQL injucations.
Prevent form multiple time submit
A quick double click on submit button form value will be posted twice.Due to delay in form post action leads to multiple submit click from the users. To avoid this kind of errors we must disable the submit button once the button is clicked.
Here i have shared jquery function to disable the button.
There are other parameters which play a major role in safety of your website like SSL certification
and https protocol service.We have stated few top queries which can resolve your issues to amaximum level.
Stay tuned to our facebook page for any updates on the above mentioned post.
- Basic sql commands and functions
- Html 5 Mobile Number Validation
- Youtube Video Embed Code Tricks
- Php Contact Form Captcha Code Using Ajax
- PHP Email And Mobile Number Validation Script
- Convert P
data HP SON API url to J
- Ajax add,view and
ete using mysqli del
- PDO basic insert,view,update,d
te with php ele function