So, A project I'm working on requires me to provide my clients with a form to put on their website.
When my clients' user fills and submit the form, the data is supposed to be inserted into my database.
Now, I can create a php file the client can use in form action
with a database user
with only INSERT
privilege on one particular table, but that still leaves that table vulnerable to data stuffing with Database connection
details.
So, how can I make sure that data is only inserted into the table via the form and not manually to prevent stuffing?
P.S. open to other suggestions on how to achieve this securely too, thanks.