How to leave my registration form for my secure database?

-1

Hello I have a website and I use this following form to script projects, but I need a secure form, because if I go in to inspect the element on my page and change the value of my option that was Administrative support for c * he will save in my db as c * I wanted this value had no way to edit and tbm needed something for anti injection, spam and CSRF or XSRF, but I do not know implement since I am very lazy in PHP, if anyone can help with any tips anything or a script that protects me from all of this thanks

<?php
if(count($_POST)>0) {
    require_once("conexao.php");
    $sql = "INSERT INTO classificados (titulo, categoria, valor) VALUES ('" . $_POST["titulo"] . "','" . $_POST["categoria"] . "','" . $_POST["valor"] . "')";
    mysqli_query($conn,$sql);
    $current_id = mysqli_insert_id($conn);
    if(!empty($current_id)) {
        $message = "New User Added Successfully";
    }
}
?>

A part of my form

<form name="frmUser" method="post" action="">
<div class="col-md-4 col-sm-12 search-col">
<div class="input-group-addon search-category-container">
<label class="styled-select">
<select required="" class="dropdown-product selectpicker" name="categoria">
<option value="">Todas Categorias</option>
<option class="subitem" value="IT & Programacao"> IT & Programação</option>
<option value="Design e Multimedia"> Design e Multimedia</option>
<option value="Tradução e Conteúdos"> Tradução e Conteúdos</option>
<option value="Marketing e vendas"> Marketing e vendas</option>
<option value="Suporte administrativo"> Suporte administrativo</option>
<option value="Finanças de Administração"> Finanças de Administração</option>
<option value="Engenharia e Manufafuta"> Engenharia e Manufafuta</option>
<option value="Legal"> Legal</option>
</select></label>
</div>
</div>
    
asked by anonymous 14.01.2018 / 20:45

1 answer

0

As already pointed out in the comments, the correct thing would be you study about security and how to implement this in PHP and, if you have any more specific questions, ask here. What we can do is give some tips and you research each one better.

The first security tip is to ALWAYS validate the data that arrives on your back end. If you do this you will already be preventing yourself from various attacks. Keep in mind that validations on the front end are just to enhance the user experience.

The second day is to always check if the user is allowed to do some operation on your site. The easiest way to do this is to use session

The third day is always to escape your data before sending it to your database and mainly use a drive to connect and do operations with your bank. PHP offers, for example the PDO.

Of course, that's not all, but it's a start. If I stayed these 3 things will already avoid many attacks.

    
14.01.2018 / 22:52