A website is said to be customized to each user when it accepts data from users and stores it, so that the user is presented with a personalized UI when he or she revisits the site.
Most of the data accepted from users arrives through web forms. Once a user submits a form, the data is processed by server-side scripting languages. One mistake beginners make is that they don't sanitize the data before they start manipulating it. This may be fine up to a point, but once a malicious user discovers it, the site is at risk of leaking data. SQL injection is the most common problem today on beginners' websites where user input is not validated or is poorly validated.
Following these simple steps will help keep your website safe.
- Use HTML5 input tags with the type attribute specified so that the browser does its best to stop a user from submitting invalid input.
- Don't rely solely on client-side programs to obtain valid input, as they can easily be bypassed with various tools and invalid input can always be sent. It is always good practice to validate input on both ends.
- PHP's sanitize filters come in handy when you wish to keep everything simple.
- Make sure you never trust your user's input at all.
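As an added example (not code from the original post), here is the server-side half of that advice in PHP: validate each field with PHP's filter functions, then hand the values to the database through a prepared statement instead of splicing them into the SQL string. The `users` table, its columns and the in-memory SQLite setup are assumptions made for the demonstration.

```php
<?php
// Added example, not from the original post. Table and column names are
// assumed; an in-memory SQLite database stands in for the real one.
declare(strict_types=1);

// What the post warns against: user text spliced straight into the SQL string,
// so whatever the user typed is parsed as part of the query (shown for contrast only).
function findUserUnsafe(PDO $db, string $email): ?array
{
    $row = $db->query("SELECT id, name FROM users WHERE email = '$email'")
              ->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened: the value travels as a bound parameter, never as SQL text.
function findUserSafe(PDO $db, string $email): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Server-side validation, applied even though the form used <input type="email">
// and <input type="number">: the browser-side checks can be bypassed.
function handleSignupForm(PDO $db, array $post): string
{
    $email = filter_var(trim($post['email'] ?? ''), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return 'Invalid e-mail address.';
    }
    $age = filter_var($post['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        return 'Age must be a whole number between 13 and 120.';
    }
    if (findUserSafe($db, $email) !== null) {
        return 'Already registered.';
    }
    // Validating for SQL does not make data safe for HTML; escape on output too.
    return 'Welcome, ' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$db->exec("INSERT INTO users (name, email) VALUES ('Alice', 'alice@example.com')");
echo handleSignupForm($db, ['email' => 'alice@example.com', 'age' => '30']), "\n";
echo handleSignupForm($db, ['email' => 'bob@example.com', 'age' => 'abc']), "\n";
echo handleSignupForm($db, ['email' => 'not an address', 'age' => '20']), "\n";
```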
If I missed any, please let me know in the comments.