PHP checklist for form validation advice please?

Evening all

I collect personal data from my users on my website and place it in a MySQL database. Now I want to make 150% sure this data is safe, and can’t be hacked, changed or accessed by a hacker.

Here’s the steps I currently run through:

  1. I have magic quotes turned off
  2. I have register globals turned off
  3. All $_POST data I pass on my form runs through mysql_real_escape_string, trim, htmlentities and strip_tags like so

$your_name = trim(mysql_real_escape_string(htmlentities(strip_tags($_POST['your_name']), ENT_QUOTES)));

  4. I run regular expressions on my site for things like checking the validity of an email address etc…

  5. I have a CAPTCHA system in place

Now, I know that things like using Prepared Statements is best for making sure no attack takes place, and I am getting to a place whereby I will start using them.

But for now can anyone tell me that if I am doing all the above on my form that my data is safe, has all the correct procedures in place and it won’t be hacked?

Thank you
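As an added illustration (not code from the original post), here is how the same form could be handled with validation on input, a prepared statement for storage, and HTML escaping only at output time, so the database holds the real value rather than an entity-encoded copy. The `users` table, its columns, and the PDO connection details are assumptions made for the example.

```php
<?php
// Added example, not from the thread: validate with filter_var / an allow-list
// regex, store the raw value through a prepared statement, escape only when
// rendering. Assumes a table `users` (your_name, email) and the PDO DSN below;
// both are placeholders for illustration.

declare(strict_types=1);

/**
 * Validate the form fields. Returns an array of errors (empty on success)
 * and fills $clean with the values to store. No escaping happens here:
 * validation decides whether a value is acceptable; escaping belongs to the
 * layer that consumes the value (the SQL driver, the HTML template).
 */
function validateForm(array $post, array &$clean): array
{
    $errors = [];
    $clean = [];

    $name = trim((string)($post['your_name'] ?? ''));
    // Allow-list the shape of a name instead of stripping "bad" characters.
    if ($name === '' || mb_strlen($name) > 100 || !preg_match('/^[\p{L}\p{M}\'\- ]+$/u', $name)) {
        $errors['your_name'] = 'Name must be 1-100 letters, spaces, hyphens or apostrophes.';
    } else {
        $clean['your_name'] = $name;
    }

    $email = trim((string)($post['email'] ?? ''));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || strlen($email) > 254) {
        $errors['email'] = 'Please enter a valid email address.';
    } else {
        $clean['email'] = $email;
    }

    return $errors;
}

/** Insert the validated row. Placeholders keep the data separate from the SQL text. */
function saveUser(PDO $pdo, array $clean): int
{
    $stmt = $pdo->prepare('INSERT INTO users (your_name, email) VALUES (:name, :email)');
    $stmt->execute([':name' => $clean['your_name'], ':email' => $clean['email']]);
    return (int)$pdo->lastInsertId();
}

/** Escape for HTML only when rendering, so the stored value stays intact. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Usage with a constructed request, as it would run on form submission.
$post = ['your_name' => "O'Brien", 'email' => 'user@example.com'];
$errors = validateForm($post, $clean);
if ($errors === []) {
    // Assumed connection details; charset in the DSN matters for correct escaping.
    $pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]);
    $id = saveUser($pdo, $clean);
    echo 'Saved user #' . $id . ': ' . h($clean['your_name']) . "\n";
} else {
    foreach ($errors as $field => $msg) {
        echo h($field) . ': ' . h($msg) . "\n";
    }
}
```

The point of the split is that a name like O'Brien is stored as typed: the prepared statement handles the quote for SQL, and `h()` handles it for HTML, whereas the strip/entity/escape chain in the checklist mangles the value before it ever reaches the database.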

Would implementing “only so many login attempts allowed per second” code prevent this 100% or simply reduce the likelihood?

The second… other ways: brute force, DDoS, etc.

You should be fine against SQL attacks, but your site can always be hacked…


Thanks, but in what way? Is there nothing else I can do to stop this beyond the 5-point checklist I have in place? Or do you mean just via other means by supergeeks that are sometimes beyond your control?

I think there are 2 issues here.

  1. Keeping the hackers at bay, an ongoing job as you’ve described, which you seem to be addressing.

  2. Encrypting the personal information so that IF you are hacked, or somehow your data is intercepted en route, or from a backup (on your laptop?), that data cannot be traced back to its owner and remains anonymous.

I think it depends on what you mean by “personal data”: passwords? ages? addresses? preferences?
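To make the second point concrete, here is an added example (not from the thread) of the two different treatments the reply hints at: passwords are hashed and never stored reversibly, while fields such as an address are encrypted with a key kept outside the database, so a stolen table dump or backup does not expose them. It uses `password_hash` and the libsodium functions bundled with PHP 7.2+; the key file path is an assumption.

```php
<?php
// Added example, not from the thread: password hashing plus field-level
// encryption for personal data, using PHP's password_hash and the bundled
// libsodium extension. The key file location is an assumed placeholder.

declare(strict_types=1);

/** Passwords are never encrypted, only hashed with a slow, salted algorithm. */
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function checkPassword(string $password, string $storedHash): bool
{
    return password_verify($password, $storedHash);
}

/**
 * Load the data-encryption key from outside the web root and outside the
 * database, so a dump of the table alone does not reveal the plaintext.
 * Assumed path; generate the key once with:
 *   php -r 'echo bin2hex(sodium_crypto_secretbox_keygen());' > /etc/app/pii.key
 */
function loadKey(string $path = '/etc/app/pii.key'): string
{
    $hex = trim((string)file_get_contents($path));
    $key = sodium_hex2bin($hex);
    if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('Bad key length');
    }
    return $key;
}

/** Encrypt one field; a fresh random nonce is prepended so every row differs. */
function encryptField(string $plaintext, string $key): string
{
    $nonce  = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = sodium_crypto_secretbox($plaintext, $nonce, $key);
    return base64_encode($nonce . $cipher);
}

/** Decrypt and authenticate; tampered or foreign-key data is rejected, not silently garbled. */
function decryptField(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('Corrupt ciphertext');
    }
    $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain  = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('Authentication failed: data altered or wrong key');
    }
    return $plain;
}

// Usage with constructed sample data. The key is generated in memory here so
// the example runs without the key file; in production call loadKey().
$key  = sodium_crypto_secretbox_keygen();
$hash = hashPassword('correct horse battery staple');
$addr = encryptField('12 Example Street', $key);

var_dump(checkPassword('correct horse battery staple', $hash));
var_dump(decryptField($addr, $key) === '12 Example Street');
```

Storing the nonce alongside the ciphertext is normal (it is not secret); what must stay out of the database and out of backups is `$key`, otherwise the encryption adds nothing against the scenario described in point 2.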

Looks good to me…