Sanitizing Input on a Website

The internet has become a common necessity within our society and has continually changed within the last decade. With the demand for internet access constantly growing, companies are striving to provide the quickest bandwidth at minimum cost.  There are many uses that people access the internet for, such as simply checking their email, updating their facebook status, for online banking, etc. The vast use of the internet has adapted new security infrastructures, and will continue to evolve with newly created technology.

Virtually every website on the internet contains sections where a common user could input text into a form. Whether the page is simply a contact form or as complex as an e commerce website,  an unsanitized input box could put a potential risk towards the website and it’s users and could potentially put their information at risk.

Many new web developers who have implemented a database in which to store sensitive user data, may unintentionally neglect certain steps to protect this information.

Many web servers currently run PHP, which is a useful scripting language that allows programmers to display information dynamically on a page. PHP is relatively easy to learn, and is simple to implement with an SQL Database.

For a web developer, PHP has a built in function to help insure that some sanitation is used on your data before inserting it into your database. On websites that I have set up which require input, I have used the function mysql_real_escape_string, which inserts an escape character wherever a quote is located. A second function that could help sanitize data on your website is htmlentities. By using this, it will translate any html input that the user entered, and converts it into html.

These are just a few suggestions that I have found useful for designing websites.

Advertisements