Assignment 11, Website Development, CCV Spring 2017

Research - Forms:



Question 1:

Since I already knew how to build forms, and did a Google Sites form last semester, I decided to take a stab at something much more complex this semester: adding form security to my HTML forms. Using the examples in the textbook, I made my inputs type specific, which should eliminate the risk of invalid form entries. This also validates the form input content, to ensure it is in the correct format. I also use a form format that calls each form element specifically by name, which eliminates a few more security vulnerabilities. I know I could do more, but I need to learn the scripting languages better before I can really understand what my scripts are doing well enough to add complex security features to them.

Some of the multitudes of webpages I referred to during this process:

PHP Security Guide: Form Processing
Very detailed, but beyond the scope of my current knowledge.

Serious Form Security
Completely useless code snippets since they are not in any specific logical order or listed with any elaboration on how/where they are inserted into a page's code. This broke my form, so I gave up and looked for something with more instruction.

Part 1: PHP Security: User Validation and Sanitization for Beginners
I think I need to know more PHP before I can implement this into my form; all my attempts broke it (probably because I'm using JavaScript as well to send me the form data via email and I just don't know the syntax of either scripting language well enough to find the errors).

Essential PHP Security by Chris Shiflett - Add a Token to a Form
After many tries using various sites, this one finally was simple enough for me to figure out HOW and WHERE in my code to inject the code snippet.
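
The token-in-a-form technique named in the last entry, combined with server-side versions of the typed-input checks described under Question 1, as an added example (not code from this assignment or from the book). The field names `name`, `email` and `token` and the messages are assumptions:

```php
<?php
// Added example; field names and messages are assumptions, not from the assignment.
session_start();
// One random token per session, embedded in the form as a hidden field.
if (empty($_SESSION['token'])) {
    $_SESSION['token'] = bin2hex(random_bytes(32));
}
$errors = [];
$sent = false;

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // 1. The submitted token must match the one stored in the session.
    $submitted = $_POST['token'] ?? '';
    if (!is_string($submitted) || !hash_equals($_SESSION['token'], $submitted)) {
        $errors[] = 'Invalid form token.';
    }
    // 2. Repeat on the server what type="email", required and maxlength do in
    //    the browser, since a request can arrive without going through the form.
    $email = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'Please enter a valid email address.';
    }
    $name = $_POST['name'] ?? '';
    $name = is_string($name) ? trim($name) : '';
    if ($name === '' || strlen($name) > 100) {
        $errors[] = 'Please enter a name of at most 100 bytes.';
    }
    if (!$errors) {
        $_SESSION['token'] = bin2hex(random_bytes(32)); // rotate after use
        $sent = true; // handle $name and $email here (store, email, ...)
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<body>
<?php foreach ($errors as $e): ?>
  <p><?= htmlspecialchars($e, ENT_QUOTES, 'UTF-8') ?></p>
<?php endforeach; ?>
<?php if ($sent): ?><p>Thank you.</p><?php endif; ?>
<form method="post">
  <input type="hidden" name="token" value="<?= htmlspecialchars($_SESSION['token'], ENT_QUOTES, 'UTF-8') ?>">
  <label>Name <input type="text" name="name" maxlength="100" required></label>
  <label>Email <input type="email" name="email" required></label>
  <button type="submit">Send</button>
</form>
</body>
</html>
```

The hidden field goes inside the `<form>` element, and the token check goes at the top of the script that receives the POST, before any form data is used.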