February 11th, 2006, 01:36 AM
PHP Form Security
I have a simple question concerning the security of my form.
I have a very basic PHP script that interacts with a series of checkboxes.
This form only consists of:
1. several checkboxes
2. textarea field to output echoed data, which does not process any inputed data
When a checkbox is selected it echoes back some text to the textarea field when the form is processed.
As I said before this script is very basic.
So - my questions are as follows:
a. Given that it doesn't interact with any databases or display/save anything viewable by the public, does this form still need to be secured/validated?
b. If so, any ideas on how i can secure it?
An article that i was reading said:
Does this apply to ALL PHP scripts? Or only scripts that interact with a database?
Regardless of its mode of execution, the PHP interpreter has the potential to access virtually every part of the host -- the file system, network interfaces, IPC, etc.