  1. #1
    SitePoint Member
    Join Date
    Mar 2009
    Posts
    1

    submit form security

    Hi

    I have a PHP website with a number of fields:


    Title : just text
    Url (self explanatory)
    Description : just text
    Image Upload (user can upload pic to site)
    Video Embed: (user pastes YouTube or other video site code to paste video)


    I've been told that if I use the video embed feature, users could paste harmful code to my site; they could ruin my site/database and attack browsers.

    I have a freelance programmer helping me with the site, but I thought I would ask on the net for a bit of help and suggestions.

    I've seen the browser attacks on MySpace. How do I protect against people doing this to my site?

    I want people to be able to: type text, type URLs, upload pics and embed YouTube or other video site videos.


    Thanks everyone in advance for the help.

  2. #2
    SitePoint Addict skunkbad's Avatar
    Join Date
    Apr 2008
    Location
    Temecula, CA
    Posts
    278
    You need to validate all input, even the text of the Title. I use filter_input(), but you can also check that the input is of an expected datatype, and also use regular expressions to validate input. In the case of embedded video code, you might have to use regular expressions to make sure that the video truly is a video, or get creative.

  3. #3
    SitePoint Wizard Hammer65's Avatar
    Join Date
    Nov 2004
    Location
    Lincoln Nebraska
    Posts
    1,161
    Use a regex pattern to ensure that the link is a valid YouTube link, or moderate the submissions before they are presented on the site.
    Visit my blog
    PHP && Life
    for technology articles and musings.
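
Added example, not part of the original thread or any poster's code: one way to apply the advice in the two replies in PHP, by accepting a video URL instead of pasted embed HTML, validating it with filter_var() and an anchored regex, and generating the iframe on the server. The function names, the accepted host list and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. The form field takes a video URL rather
// than pasted embed HTML; the server validates it and builds the <iframe> itself.
// Assumption: hosts accepted for YouTube links; add other video sites the same way.
const YOUTUBE_HOSTS = ['www.youtube.com', 'youtube.com', 'm.youtube.com', 'youtu.be'];

function extractYoutubeId(string $input): ?string
{
    $url = filter_var(trim($input), FILTER_VALIDATE_URL);
    if ($url === false) {
        return null; // pasted markup such as <script> or <iframe> is not a URL
    }
    $parts  = parse_url($url);
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    $path   = $parts['path'] ?? '';
    if ($scheme !== 'https' || !in_array($host, YOUTUBE_HOSTS, true)) {
        return null; // right shape, wrong site
    }
    if ($host === 'youtu.be') {
        $candidate = ltrim($path, '/');
    } elseif ($path === '/watch') {
        parse_str($parts['query'] ?? '', $query);
        $candidate = $query['v'] ?? '';
    } else {
        return null;
    }
    // Assumption: video IDs are 11 characters from [A-Za-z0-9_-]. Anchored with
    // \A and \z so nothing can ride along before or after the ID.
    if (!is_string($candidate) || preg_match('/\A[A-Za-z0-9_-]{11}\z/', $candidate) !== 1) {
        return null;
    }
    return $candidate;
}

function renderEmbed(string $videoId): string
{
    $src = 'https://www.youtube.com/embed/' . $videoId;
    return '<iframe width="560" height="315" src="'
        . htmlspecialchars($src, ENT_QUOTES, 'UTF-8')
        . '" allowfullscreen></iframe>';
}

// Constructed sample submissions.
foreach (['https://youtu.be/AAAAAAAAAAA', '<script>alert(1)</script>',
          'https://video.example/watch?v=AAAAAAAAAAA'] as $submitted) {
    $id = extractYoutubeId($submitted);
    echo $id === null ? "rejected\n" : renderEmbed($id) . "\n";
}
```

Store only the returned ID in the database and call renderEmbed() at display time, so no user-supplied HTML is ever saved or echoed. Title and description text should still pass through htmlspecialchars() when printed.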

