kmaid Posted October 4, 2008

Need help filtering out XSS and SQL injection

Currently I validate all my user input using regular expressions, but I am worried it may still leave some room for JavaScript or possibly MySQL special characters. Currently, to make sure, I use:

```php
function libStripInputSlashes()
{
    // Run every request parameter through both escaping functions.
    foreach ($_REQUEST as $key => $input) {
        $_REQUEST[$key] = htmlspecialchars($input);
        // Escape the already-encoded value so the first step is not overwritten.
        $_REQUEST[$key] = mysql_real_escape_string($_REQUEST[$key]);
    }
}
```

Are there any better solutions than using this?

Thanks,
Kmaid
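As an added example (not part of kmaid's post), one common alternative to escaping all of `$_REQUEST` up front: bind values with a PDO prepared statement when writing to the database, and call `htmlspecialchars()` only when writing into HTML. The `comments` table, the helper names and the sample input are constructed, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not the poster's code. Table, helpers and input are constructed.

// Hypothetical helper: store the value exactly as submitted. Bound parameters
// travel separately from the SQL text, so no manual escaping is needed.
function saveComment(PDO $db, string $author, string $body): void
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

// Hypothetical helper: encode for the HTML context only at output time.
function renderComments(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT author, body FROM comments ORDER BY id') as $row) {
        $html .= sprintf(
            "<p><b>%s</b>: %s</p>\n",
            htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed input containing both SQL and HTML metacharacters.
$author = "O'Brien";
$body   = "<script>alert(1)</script> it's \"quoted\"; --";

saveComment($db, $author, $body);

// The database holds the original text, unmodified by any escaping.
$stored = $db->query('SELECT body FROM comments')->fetchColumn();
var_dump($stored === $body);

// The page receives entity-encoded text, so the markup is displayed, not run.
echo renderComments($db);
```

Keeping the stored value raw means the same row can later be encoded correctly for other contexts (JSON, CSV, a URL) instead of carrying HTML entities everywhere.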