Goose87 Posted October 15, 2008 Share Posted October 15, 2008 Hi Guys, This is a pretty simple question to the pros, but I need help with security on my site. I have got the sql injection protected with the mysql_real_escape_string, but I found out the other evening about XSS. It could be potentially very damaging, and it would be pretty easy to fix (as far as I'm aware). I've read many articles on it, but none of them were of any use to me! I just want someone to explain it in simple terms with a worked example for me. An example of where it fails for me is on a message system on my website. Users could send a message with the javascript in, and it loads up on the other end. what i need is to do the following: 1) Stop the javascript from being saved to the db 2) Stop the user from entering html code that will be saved in the database. I think it has something to do with addslashes and strip slashes, but I don't understand it that well. I would really appreciate it if someone could spend a few minutes giving a logical response. Kind Regards, James. Quote Link to comment https://forums.phpfreaks.com/topic/128613-rookie-security-question/ Share on other sites More sharing options...
MadTechie Posted October 15, 2008 Share Posted October 15, 2008 I don't have much time so this is a quickie read up on strip_tags() and htmlentities() and htmlspecialchars() Quote Link to comment https://forums.phpfreaks.com/topic/128613-rookie-security-question/#findComment-666548 Share on other sites More sharing options...
dropfaith Posted October 15, 2008 Share Posted October 15, 2008 this probably isnt the cleanest code but apparently works as ive posted for people to test my security and passed $cContact = mysql_real_escape_string($_POST['Contact']); $Contact = htmlentities($cContact,ENT_QUOTES,"utf-8"); Quote Link to comment https://forums.phpfreaks.com/topic/128613-rookie-security-question/#findComment-666552 Share on other sites More sharing options...
CroNiX Posted October 15, 2008 Share Posted October 15, 2008 Someone else posted this video earlier and Its pretty good. Its about 46 minutes long. Look for the PHP Security video.... http://videos.code2design.com/ This Tutorial covers Cross Site Scripting (XSS), Cross Site Forgery Requests (CSFR), SQL Injection, globals, and much more! Quote Link to comment https://forums.phpfreaks.com/topic/128613-rookie-security-question/#findComment-666557 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.