Hello there, I’m new to PHP, and I’m reviewing the right and safe use of action = "somewhere.php" in forms.
Which is safer: action = "somewhere.php" or action=" "? Or when should I use each of the two?
I’ve got information overload that clouds my mind.
Thank you in advance.

Sorry for that. As I understand your message, those three are the considerations for when to use action self and external actions.
Then my follow-up question is: how can I make my form secure from those attacks? Which is more efficient and effective?
Hope I am making myself clear. Thank you for your quick response.

Generally speaking, you should always set an action and not leave it up to the browser to decide.
Even if you are posting back to the same page you should tell the browser that.
To keep your database safe, you need to verify that the user inputs to your forms are what you expect. If you are looking for an email address, verify that the entry is an email address. (There are examples on the internet.) If you are expecting text in your form, remove everything except text before you put it into your database.
Here is an example for cleaning up a phone number:
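
The checks described in the reply above, as an added example that is not the poster's own code: each field is validated against the type it should hold before anything is stored. The function names, the 7-15 digit phone range, the allowed name characters and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Returns the address if it is a syntactically valid e-mail, otherwise null.
function clean_email(string $raw): ?string
{
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Strips everything except digits, then enforces an assumed 7-15 digit length.
function clean_phone(string $raw): ?string
{
    $digits = preg_replace('/\D+/', '', $raw) ?? '';
    $len = strlen($digits);
    return ($len >= 7 && $len <= 15) ? $digits : null;
}

// Keeps letters, spaces, apostrophes and hyphens; null if nothing is left
// or the input is not valid UTF-8 (preg_replace returns null in that case).
function clean_name(string $raw): ?string
{
    $name = trim(preg_replace("/[^\\p{L} '-]+/u", '', $raw) ?? '');
    return $name === '' ? null : $name;
}

// Validates one submission; returns [clean values, names of rejected fields].
function validate_form(array $post): array
{
    $rules = ['email' => 'clean_email', 'phone' => 'clean_phone', 'name' => 'clean_name'];
    $clean = [];
    $errors = [];
    foreach ($rules as $field => $rule) {
        $value = $post[$field] ?? '';
        $result = is_string($value) ? $rule($value) : null; // arrays are rejected
        if ($result === null) {
            $errors[] = $field;
        } else {
            $clean[$field] = $result;
        }
    }
    return [$clean, $errors];
}

// Constructed sample input standing in for $_POST.
$sample = ['email' => ' alice@example.com ', 'phone' => '(555) 010-9999', 'name' => "O'Brien <b>"];
[$clean, $errors] = validate_form($sample);
var_dump($clean, $errors);
```

Cleaned values should still reach the database through bound parameters (prepared statements) rather than string concatenation.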