re: What are some fundamentals of security every developer should understand? VIEW POST

VIEW FULL DISCUSSION
 

Whenever you process data from the outside, always process it in this order:

  1. Sanitize
  2. Validate
  3. Execute
  4. Display feedback

Example:


$errors = array();

// 1. Sanitisation
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);

// 2. Validation
if (false === filter_var($email, FILTER_VALIDATE_EMAIL)) {
   $errors['email'] =  "Invalid email address";
}

// 3. Exécution
if (count($errors)> 0){
    echo 'There are errors : ';
    print_r($errors);
    exit;
}
// At this point, all is fine, let's open the gate...
$bdd = new PDO('mysql:host=localhost;dbname=test', 'root', '');
//...

// 4. Feedback information
code of conduct - report abuse