- This topic is empty.
Viewing 3 posts - 1 through 3 (of 3 total)
Viewing 3 posts - 1 through 3 (of 3 total)
- The forum ‘Back End’ is closed to new topics and replies.
The forums ran from 2008-2020 and are now closed and viewable here as an archive.
how to create a form safe and clean urls like the example below
<form action=”tes.php” method=”post”>
<input type=”text” name=”username” placeholder=”username”>
<input type=”submit” name=”submit” value=”submit”>
</form>
This is not a question.
Can you explain further? Is there a particular problem you are trying to solve/ question you are trying to answer?
This is a question, it is also very clear…
HTML5 forms spec from w3c – pattern
To create a secure form with a clean url
* you should use post (as you are)
* you should include a CSRF token, known in WP as a nonce to verify the source for the request (this “nonce” means something wholely different in UK btw)
* you should make sure SSL certificate is installed on the server and has been checked outto not include vulnerabilities
* you should make good use of attributes like required, pattern etc where advantageous
* you should try to checksum the input using JS (focus on smaller forms)
backend this could mean
* checking the CSRF
* verifying checksums
* validating data using filters and custom functions (google php-seclib, it would be a start)
other things
* try to ensure UTF-8 encoding on forms and always add attributes for send multipart
* ensure you do not enter anything into a database or storage system without sanitizing first (removing poison bytes, script & html tags etc)