Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
PHP 7 Programming Cookbook

You're reading from   PHP 7 Programming Cookbook Over 80 recipes that will take your PHP 7 web development skills to the next level!

Arrow left icon
Product type Paperback
Published in Aug 2016
Publisher Packt
ISBN-13 9781785883446
Length 610 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Doug Bierer Doug Bierer
Author Profile Icon Doug Bierer
Doug Bierer
Arrow right icon
View More author details
Toc

Table of Contents (16) Chapters Close

Preface 1. Building a Foundation FREE CHAPTER 2. Using PHP 7 High Performance Features 3. Working with PHP Functional Programming 4. Working with PHP Object-Oriented Programming 5. Interacting with a Database 6. Building Scalable Websites 7. Accessing Web Services 8. Working with Date/Time and International Aspects 9. Developing Middleware 10. Looking at Advanced Algorithms 11. Implementing Software Design Patterns 12. Improving Web Security 13. Best Practices, Testing, and Debugging A. Defining PSR-7 Classes Index

Securing forms with a token

This recipe presents another very simple technique that will safeguard your forms against Cross Site Request Forgery (CSRF) attacks. Simply put, a CSRF attack is possible when, possibly using other techniques, an attacker is able to infect a web page on your website. In most cases, the infected page will then start issuing requests (that is, using JavaScript to purchase items, or make settings changes) using the credentials of a valid, logged-in user. It's extremely difficult for your application to detect such activity. One measure that can easily be taken is to generate a random token that is included in every form to be submitted. Since the infected page will not have access to the token, nor have the ability to generate one that matches, form validation will fail.

How to do it...

  1. First, to demonstrate the problem, we create a web page that simulates an infected page that generates a request to post an entry to the database. For this illustration, we will...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image