You could search around here for specific tidbits (search for the word "censor", for example) or more general considerations (e.g., here). There's also the chapter on Security in the PHP manual, which it would pay to read.
When it comes to text boxes, or any user input, the general principle is to be paranoid. Never trust anything coming in from the outside world to be innocent. Don't trust the form field contents, don't trust the URLs, don't trust the request headers (given that it got through your web server and got to PHP, you can presumably be confident that it really is an HTTP request). Don't use any of this info until it's been properly checked out. Things like taking user input and building any sort of system command (including directory and filenames) out of them (the sort of places where words like "mysql", "root", "bin", etc. would be used to do things) are especially dangerous - it's basically an invitation to the world to do whatever it likes to your machine.
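
As an added example (not part of the original post), here is one way to check a request parameter before it is used as a filename or handed to a system command. The function name `resolveUserFile`, the `notes_demo` directory and the sample inputs are constructed for illustration.

```php
<?php
// Hypothetical helper: map a user-supplied name to a file inside $baseDir,
// or return null if the input is not acceptable.
function resolveUserFile(string $baseDir, $name): ?string
{
    // 1. Type check: request parameters can arrive as arrays (?file[]=x).
    if (!is_string($name)) {
        return null;
    }
    // 2. Allowlist the shape: letters, digits, '_' and '-', then a fixed extension.
    //    \A and \z anchor the whole string ('$' alone would allow a trailing newline).
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\.txt\z/', $name) !== 1) {
        return null;
    }
    // 3. Canonicalise, then confirm the result is still inside the base directory
    //    (this also catches a symlink inside it that points elsewhere).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo directory and inputs (stand-ins for $_GET['file']).
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'notes_demo';
if (!is_dir($base)) { mkdir($base); }
file_put_contents($base . DIRECTORY_SEPARATOR . 'todo.txt', "demo\n");

$samples = ['todo.txt', '../other/todo.txt', 'todo.txt;ls', "todo.txt\n", ['todo.txt'], 'missing.txt'];
foreach ($samples as $input) {
    $path = resolveUserFile($base, $input);
    printf("%-24s => %s\n", json_encode($input, JSON_UNESCAPED_SLASHES), $path ?? 'rejected');
}

// If an external program really must be run, pass the already validated value
// as a single quoted argument. The command string is only printed here, not run.
$path = resolveUserFile($base, 'todo.txt');
if ($path !== null) {
    echo 'wc -l ' . escapeshellarg($path), "\n";
}
```

Only the first sample resolves to a path; the others are rejected by the type check, the allowlist pattern, or the `realpath()` lookup.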