Foiling Cross-Site Attacks
Figure 1 illustrates how this form appears in a web browser.

Of course, more important than this form is the script that receives it. If the data being submitted in the form is not properly validated, malicious users can insert a dangerous script or worse, and your only hope is that the malicious user isn’t very creative in their attack.

Consider that the registration data is stored in a database and that the SQL statement used to store this data is generated as follows: