Posted June 12, 2017

Really simple small 'tutorial'.

Now as an example, I've seen people use this:

    <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <!-- form contents -->
    </form>

Please NEVER use this. This is vulnerable to XSS because there's no htmlentities. The XSS code gets reflected and executed.

What you should do:

    <form method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>">

What happens is that the htmlentities breaks the <script> part of an XSS injection. The injection then will not work. You can also use strip_tags.

Example of mysql real escaping:

    $xdd = $_POST["xdd"];
    $xdd = mysqli_real_escape_string($conn, $xdd); // $conn is the open mysqli connection; the function needs it as its first argument
    $xdd = htmlentities($xdd);

You can also add some javascript stuff to your register. I created some javascript register here: https://pastebin.com/EWs5RgSS

This includes:
- Disallow special characters
- Max length
- Password generator
- Email can only contain regex

These also make xss impossible.
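A hardened version of the register handler sketched in the post above, as an added example that is not code from the original post or the linked pastebin: it escapes PHP_SELF with ENT_QUOTES (the form action is an attribute context, so quotes matter as much as angle brackets), repeats the JavaScript validation rules on the server, and uses a prepared statement in place of mysqli_real_escape_string. The $conn connection, the users table and the field names are assumptions made for this example.

```php
<?php
// Added example, not code from the original post. Assumes $conn is an open
// mysqli connection and a table users(username, email, password_hash); both
// are assumptions made for this example.

// Escape a string for HTML output. ENT_QUOTES also escapes single quotes, so
// the result is safe inside action="..." / value='...' attributes, which is
// where $_SERVER['PHP_SELF'] ends up.
function html_out(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Server-side copy of the rules the post enforces in JavaScript (no special
// characters, max length, e-mail format). Browser-side checks can be skipped
// by anyone sending the POST directly, so they must be repeated here.
function validate_registration(string $username, string $email, string $password): bool
{
    return preg_match('/^[A-Za-z0-9_]{3,20}$/', $username) === 1
        && filter_var($email, FILTER_VALIDATE_EMAIL) !== false
        && strlen($password) >= 8 && strlen($password) <= 72;
}

// Instead of mysqli_real_escape_string(), bind the values with a prepared
// statement: the data never becomes part of the SQL text, so no escaping
// step can be forgotten or applied with the wrong connection charset.
function register_user(mysqli $conn, string $username, string $email, string $password): bool
{
    if (!validate_registration($username, $email, $password)) {
        return false;
    }
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $conn->prepare(
        'INSERT INTO users (username, email, password_hash) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('sss', $username, $email, $hash);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $ok = register_user($conn, $_POST['username'] ?? '', $_POST['email'] ?? '', $_POST['password'] ?? '');
    echo $ok ? 'Registered.' : 'Invalid input.';
}
?>
<form method="post" action="<?php echo html_out($_SERVER['PHP_SELF']); ?>">
  <input name="username" maxlength="20"> <input name="email" type="email">
  <input name="password" type="password"> <button>Register</button>
</form>
```

The echoed status text is a fixed string, so nothing the user submitted is reflected back into the page; if you do echo a submitted value, pass it through html_out() first.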
Posted June 12, 2017

I edited your topic to put your code inside the code tags, make sure you do so whenever you post code. Nice topic Zaseth, I am sure this will help a lot of users who want to make their own registration/login form.
Posted June 12, 2017

2 minutes ago, Kevin said:
    I edited your topic to put your code inside the code tags, make sure you do so whenever you post code. Nice topic Zaseth, I am sure this will help a lot of users who want to make their own registration/login form.

I'm on a phone so Lmao. Dropping a lot of my stuff in content releases tomorrow.