Dream.In.Code > Programming Help > PHP

Welcome to Dream.In.Code
	Getting PHP Help is Easy! Join 136,280 PHP Programmers for FREE! Get instant access to thousands of PHP experts, tutorials, code snippets, and more! There are 2,327 people online right now. Registration is fast and FREE... Join Now! Chat LIVE With a PHP Expert

Securing against XSS / SQL injection

Reply to this topic

Start new topic

Securing against XSS / SQL injection

spearfish	11 Oct, 2008 - 12:55 PM Post #1
Monkey in Training Joined: 10 Mar, 2008 Posts: 746 Thanked: 2 times Dream Kudos: 225 My Contributions	Hi all, I have a question on web application security with PHP. My goal is for my app to be vulnerable to neither XSS nor SQL injection. Pretty standard goal I'd say I've whipped up this function to sanitize data: CODE function escape($input) { $clean = htmlentities(mysql_real_escape_string($input)); return $clean; } Will that work, and is it multipurpose like I'm hoping is? Essentially, before any data is put into the HTML stream or the database it goes through something like $data = escape($_GET['data']). By the time this function is called, a valid MySQL connection will have been made, or a fatal error would have been triggered by the application. Thanks, -Spear
	This Post Was Helpful!


Register for Free to Make These Ads Go Away!

Moonbat	RE: Securing Against XSS / SQL Injection 11 Oct, 2008 - 01:29 PM Post #2
D.I.C Regular Joined: 30 Jun, 2008 Posts: 391 Thanked: 22 times Dream Kudos: 600 My Contributions	Do you plan on the user entering any HTML? If not, then you can add strip_tags() to your function as well. Otherwise, that looks fine This post has been edited by Moonbat: 11 Oct, 2008 - 01:29 PM
	This Post Was Helpful!

Fast Reply

Reply to this topic

Start new topic

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Time is now: 12/2/08 05:25AM

Invision Power Board v2.1.7 © 2008 IPS, Inc.

Licensed to: MediaGroup1

Advertising | Terms of Use | Privacy Policy | About Us | Site Map

Forum Index: Programming Help | C and C++ | Visual Basic | Java | VB.NET | C# | ASP.NET | PHP | ColdFusion | Perl and Python | Ruby | Databases | Other Languages | Game Programming | Software Development | Computer Science | Industry News | Programming Tutorials | C++ Tutorials | Visual Basic Tutorials | Java Tutorials | VB.NET Tutorials | C# Tutorials | PHP Tutorials | Linux Tutorials | ColdFusion Tutorials | Windows Tutorials | HTML/JavaScript Tutorials | CSS Tutorials | Flash Tutorials | Web Promotion Tutorials | Photoshop Tutorials | Software Development Tutorials | Database Tutorials | Other Language Tutorials |

Copyright 2001-2008 MediaGroup1 LLC, All Rights Reserved
A MediaGroup1 LLC Production - Version 6.0.2.1.36

Search^Updated!w00t

Over 509,000 Pages! Advanced Forum Search

Live PHP Help!

PHP Tutorials

Reference Sheets

PHP Snippets

DIC Chatroom

Join our IRC Chat

Bye Bye Ads

Monthly Drawing

Top Contributors

Top 10 Kudos This Month

KYA (50)