Hello all...need some help/advice/discussion.
I have recently finished a mini-content management system using PHP/MySQL. As we begin testing and other programmers here start ripping my code to shreds, I would like to know if there are other things people can discuss/come up with for help.
I have searched and I will try to ask items I haven't found here.
1) I have sessions running on each page which will direct the user to either their home navigation page or the login page should they not have appropriate access levels of 1, 2, 3, etc. Our site will incorporate SSL and a password prompt upon entering the URL.
2) My DB connection script [$db = mysql_connect("host", "user", "password");
mysql_select_db("dbname", $db); ] to the database is in a separate directory protected with htaccess.
3) QUESTION. I have register globals off and I use $_POST, $_SESSION, etc. (I have steered clear of $_GET) for the site. What else can one do to assist in preventing attacks or bad information being entered into form fields? Does addslashes() do anything to secure, or is that more for the quotes on content, etc.? While searching here I have found many topics on addslashes but was wondering if others had any ideas or if there is more beyond add/removeslashes().
Very appreciative of any discussion or assistance.
Thanks!
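
As an added example (not part of the original post), one way to handle form input for question 3: validate each field against what it is supposed to be, pass values to the database through PDO prepared statements rather than addslashes(), and escape with htmlspecialchars() only when printing into HTML. The table, the sample input and the in-memory SQLite DSN are constructed for illustration and assume the pdo_sqlite extension; with MySQL only the DSN changes.

```php
<?php
declare(strict_types=1);

// Constructed setup: in-memory SQLite so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, min_level INTEGER)');

// Constructed stand-in for $_POST as submitted by a form.
$post = ['title' => "O'Reilly's <b>notes</b>", 'min_level' => '2'];

function validate_page(array $in): array
{
    $title = trim((string)($in['title'] ?? ''));
    if ($title === '' || strlen($title) > 200) {
        throw new InvalidArgumentException('title must be 1-200 bytes');
    }
    // Access levels in the post are 1, 2, 3: accept only integers in that range.
    $level = filter_var($in['min_level'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 3]]);
    if ($level === false) {
        throw new InvalidArgumentException('min_level must be 1, 2 or 3');
    }
    return ['title' => $title, 'min_level' => $level];
}

function save_page(PDO $pdo, array $page): int
{
    // Placeholders keep data out of the SQL text, so quotes need no addslashes().
    $stmt = $pdo->prepare('INSERT INTO pages (title, min_level) VALUES (:title, :level)');
    $stmt->bindValue(':title', $page['title'], PDO::PARAM_STR);
    $stmt->bindValue(':level', $page['min_level'], PDO::PARAM_INT);
    $stmt->execute();
    return (int)$pdo->lastInsertId();
}

$id = save_page($pdo, validate_page($post));
$stmt = $pdo->prepare('SELECT title, min_level FROM pages WHERE id = ?');
$stmt->execute([$id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// Escape at output time, for the HTML context, not at input time.
echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), ' (level ', $row['min_level'], ")\n";

try {
    validate_page(['title' => 'x', 'min_level' => '7']); // out-of-range level
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The title is stored byte for byte, apostrophe included, and only the printed copy is HTML-escaped, so no stripslashes() step is needed when reading it back.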