How do I make my registration form safe for my database?

Hello, I have a website and I use the following script with this form to register projects, but I need a secure form, because if I open "inspect element" on my page and change the value of my option that was administrative support to c*, it will be saved in my DB as c*. I wish there were no way to edit that value, and I also need something against injection, spam and CSRF or XSRF, but I don't know how to implement it because I'm very much a layman in PHP. If anyone can help with any hint, anything, or a script that protects me from all this, thank you.

<?php
if(count($_POST)>0) {
    require_once("conexao.php");
    // The posted values are concatenated straight into the SQL string,
    // with no validation of the selected category.
    $sql = "INSERT INTO classificados (titulo, categoria, valor) VALUES ('" . $_POST["titulo"] . "','" . $_POST["categoria"] . "','" . $_POST["valor"] . "')";
    mysqli_query($conn,$sql);
    $current_id = mysqli_insert_id($conn);
    if(!empty($current_id)) {
        $message = "New User Added Successfully";
    }
}
?>

A part of my form

<form name="frmUser" method="post" action="">
<div class="col-md-4 col-sm-12 search-col">
<div class="input-group-addon search-category-container">
<label class="styled-select">
<select required="" class="dropdown-product selectpicker" name="categoria">
<option value="">Todas Categorias</option>
<option class="subitem" value="IT & Programacao"> IT & Programação</option>
<option value="Design e Multimedia"> Design e Multimedia</option>
<option value="Tradução e Conteúdos"> Tradução e Conteúdos</option>
<option value="Marketing e vendas"> Marketing e vendas</option>
<option value="Suporte administrativo"> Suporte administrativo</option>
<option value="Finanças de Administração"> Finanças de Administração</option>
<option value="Engenharia e Manufafuta"> Engenharia e Manufafuta</option>
<option value="Legal"> Legal</option>
</select></label>
</div>
</div>

    If you are very much a layman in PHP, as you said in the question, and really need a safe form for real use, it would be the case to hire a programmer, which runs a bit outside the site's scope. A simple "hint" will not go anywhere near solving your problem. Now, while you're learning, you can ask specific questions about specific parts, and as you solve each step, you can open new questions, but always describe the problem in detail. Remember that you can always [edit] your post to complement it (as long as it does not invalidate existing answers).

  • In the meantime, you can search here for SQL Injection + PHP to pick up some examples of what you should (and should not) do, and also for Validation + Form, Passwords + Secure, etc.

  • Oops, thank you so much for the tip and help

1 answer


As already pointed out in the comments, the correct thing would be to study security and how to implement it in PHP and, if any more specific questions arise, ask them here. What we can do is give you a few tips, and you research each one further.

The first security tip is to ALWAYS validate the data arriving in your back-end. If you do this you will already be preventing several attacks. Keep in mind that front-end validations are only there to improve the user experience.

The second tip is to always check whether the user is allowed to perform a given operation on your site. The easiest way to do this is by using Session.

The third tip is to always escape your data before sending it to your database and, above all, use a driver to connect to and operate on your database. PHP offers, for example, PDO.

Of course that's not all, but it's a start. If you do these 3 things you will prevent many attacks.
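The three tips above, plus the CSRF check the question asked about, applied to the question's own INSERT. This is an added example, not code from the question or the answer; it assumes conexao.php creates a PDO connection in `$pdo` (with exceptions enabled) and that your login code sets `$_SESSION['user_id']`:

```php
<?php
// Added example, not code from the question or the answer. Assumes conexao.php
// creates $pdo (a PDO connection with PDO::ATTR_ERRMODE = ERRMODE_EXCEPTION) and
// that your login code sets $_SESSION['user_id'] after a successful login.
session_start();
require_once 'conexao.php';

// Second tip: the server, not the browser, decides whether the user may post.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Login required.');
}
// CSRF: one random token per session, embedded in the form and checked on POST.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
// First tip: the allowed categories live on the server. A value edited with
// "inspect element" is not in this list, so it is rejected instead of saved.
$categorias = ['IT & Programacao', 'Design e Multimedia', 'Tradução e Conteúdos',
    'Marketing e vendas', 'Suporte administrativo', 'Finanças de Administração',
    'Engenharia e Manufafuta', 'Legal'];

$errors = [];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!hash_equals($_SESSION['csrf_token'], (string)($_POST['csrf_token'] ?? ''))) {
        $errors[] = 'Invalid form token; reload the page and try again.';
    }
    $titulo    = trim($_POST['titulo'] ?? '');
    $categoria = $_POST['categoria'] ?? '';
    $valor     = $_POST['valor'] ?? '';
    if ($titulo === '' || strlen($titulo) > 200)  $errors[] = 'Invalid title.';
    if (!in_array($categoria, $categorias, true))  $errors[] = 'Unknown category.';
    if (filter_var($valor, FILTER_VALIDATE_FLOAT) === false || $valor < 0) $errors[] = 'Invalid value.';
    if (!$errors) {
        // Third tip: a prepared statement sends the values separately from the SQL
        // text, so a quote inside the input can never change the query.
        $stmt = $pdo->prepare('INSERT INTO classificados (titulo, categoria, valor) VALUES (?, ?, ?)');
        $stmt->execute([$titulo, $categoria, $valor]);
        $message = 'Registered with id ' . $pdo->lastInsertId();
    }
}
?>
<form method="post" action="">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8') ?>">
<select name="categoria" required>
<?php foreach ($categorias as $c): ?>
<option value="<?= htmlspecialchars($c, ENT_QUOTES, 'UTF-8') ?>"><?= htmlspecialchars($c, ENT_QUOTES, 'UTF-8') ?></option>
<?php endforeach; ?>
</select>
</form>
```

The `titulo` and `valor` inputs and the display of `$errors`/`$message` are left out, as in the partial form in the question; the select is generated from the same `$categorias` list the server checks against, so the two cannot drift apart.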

  • Thanks for the tip, I will study it, yes
