I collect personal data from my users on my website and place it in a MySQL database. Now I want to make 150% sure this data is safe, and can’t be hacked, changed or accessed by a hacker.
Here are the steps I currently run through:
- I have magic quotes turned off
- I have register globals turned off
- All $_POST data I pass on my form runs through mysql_real_escape_string, trim, htmlentities and strip_tags like so:
$your_name = trim(mysql_real_escape_string(htmlentities(strip_tags($_POST['your_name']), ENT_QUOTES))); // strip tags, encode HTML (ENT_QUOTES is an htmlentities flag, not a strip_tags argument), escape for MySQL, trim
- I run regular expressions on my site for things like checking the validity of an email address etc.
- I have a CAPTCHA system in place
Now, I know that things like prepared statements are best for making sure no attack takes place, and I am getting to a place where I will start using them.
But for now, can anyone tell me whether, if I am doing all the above on my form, my data is safe, has all the correct procedures in place and won’t be hacked?
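The prepared-statement approach the question says it is moving toward, written out as an added example (not the asker's code). It uses the mysqli extension rather than the mysql_ functions in the question, and assumes a connection in $db and a hypothetical users(name, email) table.

```php
<?php
// Added example, not code from the question. Assumes a mysqli connection in
// $db and a hypothetical table users(name VARCHAR(100), email VARCHAR(255)).
// Validate first: reject input that is not what the field is for instead of
// trying to "clean" it. Nothing in this step touches the database.
function validate_signup(array $post)
{
    $name   = isset($post['your_name']) ? trim($post['your_name']) : '';
    $email  = isset($post['email']) ? trim($post['email']) : '';
    $errors = array();
    if ($name === '' || strlen($name) > 100) {
        $errors[] = 'name must be 1-100 characters';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email address is not valid';
    }
    return array($errors, $name, $email);
}

// Store with a prepared statement: the SQL text is sent with placeholders and
// the values travel separately as bound parameters, so a quote or comment
// marker inside $name can never become part of the query. No escaping is
// applied to the stored value; the database keeps it exactly as typed.
function store_user(mysqli $db, $name, $email)
{
    $stmt = $db->prepare('INSERT INTO users (name, email) VALUES (?, ?)');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('ss', $name, $email);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Escape at output time, for the context the value is used in. The chain in
// the question runs htmlentities before storage, so "O'Brien & Sons" is
// altered in the database itself; escaping here keeps the real name stored
// and still stops the browser from treating it as HTML.
function render_name($name)
{
    return htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}

list($errors, $name, $email) = validate_signup($_POST);
if (empty($errors)) {
    store_user($db, $name, $email);
    echo 'Welcome, ' . render_name($name);
}
```

The point of the split is that each function does one job: validation decides what is acceptable, the bound parameter keeps data out of the SQL grammar, and HTML escaping happens only where HTML is produced.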