Unvalidated redirects and forwards occur when an application uses untrusted data to choose the page a user is sent to. This is a security risk because an attacker can use the trusted application's own domain to send unsuspecting users to a malicious site as part of a phishing attack. more…
Articles tagged with "Forms"
Preventing SQL Injection in PHP
SQL Injection is a vulnerability that allows an attacker to insert or inject SQL into a query the application runs against its database. Injection is the number one vulnerability on the OWASP Top Ten list for 2013. Common ways to exploit this vulnerability are to add a SQL fragment to a form field or to send POST/GET requests that carry the fragment in a known parameter. The risk of SQL injection is loss or compromise of critical or sensitive data. more…
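The following is an added example written for this listing, not code from the article itself. It shows the vulnerable string-concatenation pattern beside the prepared-statement fix, plus the one case prepared statements cannot cover (a column name chosen by the user). The `users` table, its columns and the connection details are assumptions for the sake of illustration.

```php
<?php
// Added example (not from the original article). Assumes a PDO connection to
// a MySQL database with a `users` table; table and column names are illustrative.

// VULNERABLE: untrusted input is concatenated straight into the SQL text.
function findUserVulnerable(PDO $pdo, $username)
{
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    // Input such as  ' OR '1'='1  turns the WHERE clause into a tautology and
    // returns every row; a trailing comment (-- ) discards the rest of the query.
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: a prepared statement. The value is sent separately from the SQL
// text, so it is never parsed as part of the query.
function findUserSafe(PDO $pdo, $username)
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :username');
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Identifiers (e.g. an ORDER BY column) cannot be bound as parameters, so the
// only safe option is a whitelist of the names the application allows.
function listUsersSorted(PDO $pdo, $column)
{
    $allowed = array('id', 'username', 'created_at');
    if (!in_array($column, $allowed, true)) {
        $column = 'id';
    }
    $stmt = $pdo->query("SELECT id, username FROM users ORDER BY `$column`");
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8', 'app', 'secret', array(
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    // Use real server-side prepared statements rather than client-side escaping.
    PDO::ATTR_EMULATE_PREPARES => false,
));

$input = isset($_GET['user']) ? $_GET['user'] : '';
var_dump(findUserSafe($pdo, $input));
var_dump(listUsersSorted($pdo, isset($_GET['sort']) ? $_GET['sort'] : 'id'));
```

Requesting `?user=%27+OR+%271%27%3D%271` against `findUserVulnerable()` returns every user; against `findUserSafe()` it simply looks for a user literally named `' OR '1'='1` and returns nothing.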
Include Javascript or CSS to a Drupal Form using #attached
If you’re creating a form using Drupal and find you want to add some JavaScript or CSS, you can use the “#attached” attribute to do so. Using “#attached” you can include local JavaScript/CSS files, external JavaScript/CSS files, or inline styles and scripts. more…
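An added example of the “#attached” attribute in a form builder function, written for this listing rather than taken from the article. It assumes the Drupal 7 Form API and a module named `mymodule` (a hypothetical name); the file paths and settings key are likewise illustrative.

```php
<?php
/**
 * Added example, not code from the original article. Assumes Drupal 7's
 * Form API and a module directory named "mymodule" (hypothetical).
 */
function mymodule_example_form($form, &$form_state) {
  $path = drupal_get_path('module', 'mymodule');

  $form['email'] = array(
    '#type' => 'textfield',
    '#title' => t('Email'),
  );

  // Local JavaScript and CSS files, given as paths relative to the Drupal root.
  $form['#attached']['js'][] = $path . '/js/example-form.js';
  $form['#attached']['css'][] = $path . '/css/example-form.css';

  // An external script (loaded from another origin).
  $form['#attached']['js'][] = array(
    'data' => 'https://example.com/widget.js',
    'type' => 'external',
  );

  // Server-side values the script needs: pass them as a setting (exposed as
  // Drupal.settings.mymodule) instead of building inline JS source from
  // variables, which is an easy way to inject untrusted text into script.
  $form['#attached']['js'][] = array(
    'data' => array('mymodule' => array('maxLength' => 64)),
    'type' => 'setting',
  );

  // Inline CSS.
  $form['#attached']['css'][] = array(
    'data' => '.form-item-email { margin-bottom: 1em; }',
    'type' => 'inline',
  );

  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => t('Save'),
  );

  return $form;
}
```

The assets attached this way are rendered with the form, so they are also present when the form is returned through an AJAX callback, unlike assets added with a bare `drupal_add_js()` call elsewhere in the page build.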
Create a Custom Form Field Type in Symfony 2
The form builder in Symfony 2 is very flexible and has dozens of field options, but there will inevitably come a time when you need to create your own custom form field. The Symfony Cookbook has a great article on how to create a custom form field type and use it in your project. more…
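As an added example (not the Cookbook's code, nor the article's), a minimal custom field type for Symfony 2.x that builds on the built-in `choice` type. The bundle namespace, the `ShippingType` name and the option values are assumptions.

```php
<?php
// Added example, not code from the original article. Assumes Symfony 2.x
// (2.1 to 2.7 API); namespace and class names are illustrative.
namespace Acme\DemoBundle\Form\Type;

use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolverInterface;

class ShippingType extends AbstractType
{
    // Options applied every time the type is used; callers may still override them.
    public function setDefaultOptions(OptionsResolverInterface $resolver)
    {
        $resolver->setDefaults(array(
            // Restricting the choices means the form layer rejects any submitted
            // value outside this list, so the handler never sees an arbitrary string.
            'choices'  => array(
                'standard' => 'Standard (3-5 days)',
                'express'  => 'Express (next day)',
            ),
            'expanded' => true,   // render as radio buttons
            'multiple' => false,
        ));
    }

    // Inherit rendering, data transformation and validation from "choice".
    public function getParent()
    {
        return 'choice';
    }

    // The name used to refer to the type (e.g. in a form theme block "shipping_widget").
    public function getName()
    {
        return 'shipping';
    }
}

// Using the type inside another form's buildForm():
//
//   $builder->add('shipping', new ShippingType(), array('label' => 'Delivery'));
//
// To refer to it by its alias ('shipping') instead of instantiating it, register
// it as a service tagged with  { name: form.type, alias: shipping }.
```

Because the type only configures an existing parent, a submitted value that is not one of the keys in `choices` fails validation with a form error rather than being bound to the model.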
Override Symfony 2 Form Element Twig Template
It is possible to change the way a form element is rendered in a Symfony 2 project by overriding the Twig template. You can do this on a per-form basis by including the form element’s block right in your view, or you can make the change application-wide. more…
Define a Symfony 2 Form as a Service
Adding an AJAX Login Form to a Symfony Project
Adding an AJAX-powered login form to a Symfony 2 project is pretty simple, but there are a few things to cover. The first is that the Symfony firewall handles authentication by receiving a form post at the route defined in app/config/security.yml as the check_path for the firewall. So to log in using AJAX, a form needs to be posted to that route along with a few fields: _username, _password, _remember_me, and, if you’ve enabled CSRF for your form, the _csrf_token field. more…
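The other thing to cover is what the firewall sends back: by default a form_login firewall answers the check_path with a redirect, which an XMLHttpRequest cannot act on sensibly. The following is an added example (not the article's code) of a combined success/failure handler that returns JSON for AJAX callers and keeps the redirect for normal browsers. It assumes Symfony 2.1+, a form_login firewall, and routes named `homepage` and `login`; the bundle and class names are illustrative.

```php
<?php
// Added example, not code from the original article. Assumes Symfony 2.1+
// (JsonResponse) with a form_login firewall; names are illustrative.
namespace Acme\UserBundle\Security;

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;

class AjaxAuthenticationHandler implements
    AuthenticationSuccessHandlerInterface,
    AuthenticationFailureHandlerInterface
{
    private $router;

    public function __construct(RouterInterface $router)
    {
        $this->router = $router;
    }

    // Called by the firewall after _username/_password (and _csrf_token) checked out.
    public function onAuthenticationSuccess(Request $request, TokenInterface $token)
    {
        if ($request->isXmlHttpRequest()) {
            return new JsonResponse(array(
                'success'  => true,
                'username' => $token->getUsername(),
            ));
        }

        return new RedirectResponse($this->router->generate('homepage'));
    }

    // Called for a bad password, unknown user, or an invalid/missing CSRF token.
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        if ($request->isXmlHttpRequest()) {
            // One generic message for every failure: do not tell the caller
            // whether the username exists or the CSRF token was the problem.
            return new JsonResponse(array(
                'success' => false,
                'message' => 'Invalid credentials',
            ), 401);
        }

        return new RedirectResponse($this->router->generate('login'));
    }
}

// Wiring (app/config), shown here as comments since this block is PHP:
//
//   services:
//       acme_user.ajax_auth_handler:
//           class: Acme\UserBundle\Security\AjaxAuthenticationHandler
//           arguments: ["@router"]
//
//   security:
//       firewalls:
//           main:
//               form_login:
//                   check_path:      /login_check
//                   success_handler: acme_user.ajax_auth_handler
//                   failure_handler: acme_user.ajax_auth_handler
```

The client still has to post `_username`, `_password`, optional `_remember_me` and the `_csrf_token` value taken from the rendered login form (or an endpoint that exposes it) to the check_path, with the `X-Requested-With: XMLHttpRequest` header that `isXmlHttpRequest()` looks for; most AJAX libraries add that header automatically.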
Adding an AJAX Login Form to a WordPress Theme
Implementing CSRF Protection in PHP
Cross-site request forgery (CSRF) is a type of attack where a user is tricked or forced into performing an unwanted action on a website they are authenticated to. For example, if a user is logged into their bank and then visits a malicious site, the malicious site can cause the user’s browser to send requests to the bank server that carry the user’s session cookie. more…
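An added example of the synchronizer-token pattern in plain PHP, written for this listing and not taken from the article. It assumes PHP 7.0+ (for `random_bytes()` and `hash_equals()`), that sessions are in use, and that the script runs before any output is sent; the form fields are illustrative.

```php
<?php
// Added example, not code from the original article. Assumes PHP 7.0+ and
// that nothing has been output before session_start().
session_start();

// Return the session's CSRF token, creating it the first time it is needed.
function csrf_token()
{
    if (empty($_SESSION['csrf_token'])) {
        // 32 bytes (256 bits) from the CSPRNG; a guessable token is no protection.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to embed in every state-changing form.
function csrf_field()
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Compare the submitted token with the session copy.
function csrf_check($submitted)
{
    if (!is_string($submitted) || empty($_SESSION['csrf_token'])) {
        return false;
    }
    // Constant-time comparison: a plain == would let an attacker measure how
    // many leading bytes matched.
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $token = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : '';
    if (!csrf_check($token)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }

    // ... perform the state-changing action here (e.g. the transfer) ...
    echo 'Transfer submitted';
    exit;
}
?>
<form method="post" action="">
  <?php echo csrf_field(); ?>
  <label>Amount <input type="number" name="amount"></label>
  <label>To account <input type="text" name="to_account"></label>
  <button type="submit">Transfer</button>
</form>
```

A site that forges the request cannot read the victim's session or the token embedded in the page (the same-origin policy prevents it), so its forged POST arrives without a valid `csrf_token` and is refused. The check only helps if state-changing actions are never reachable by a plain GET, since a GET needs no form and no token to trigger.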