Writing Secure Code

  • Todd Tomlinson
  • John K. VanDyk


After reading this chapter, you should know:

  • That you should never, ever trust input from the user.
  • How you can transform user input to make it safe for display.
  • How to avoid XSS attacks.
  • How to avoid SQL injection attacks.
  • How to write code that respects node access modules.
  • How to avoid CSRF attacks.
  • How Drupal protects uploaded files.
  • How to avoid e-mail header injections.


Keywords: User Input; Favorite Color; Plain Text; Security Breach; File Upload
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Todd Tomlinson and John K. VanDyk 2010
