
Hi Guys,

This is a pretty simple question to the pros, but I need help with security on my site.

I have got SQL injection protected with mysql_real_escape_string, but I found out the other evening about XSS. It could be potentially very damaging, and it would be pretty easy to fix (as far as I'm aware).

I've read many articles on it, but none of them were of any use to me! I just want someone to explain it in simple terms with a worked example for me.

An example of where it fails for me is on a message system on my website. Users could send a message with JavaScript in it, and it loads up on the other end. What I need to do is the following:

1) Stop the JavaScript from being saved to the DB
2) Stop the user from entering HTML code that will be saved in the database.

I think it has something to do with addslashes and stripslashes, but I don't understand it that well.

I would really appreciate it if someone could spend a few minutes giving a logical response.

Kind Regards,

James.

https://forums.phpfreaks.com/topic/128613-rookie-security-question/
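A worked example of the fix for the message-system problem above, added here and not code from the thread. The point it demonstrates: the message is stored exactly as the user typed it, and every time it is printed into a page it goes through htmlspecialchars(), so the browser shows the script as text instead of running it. Escaping for SQL (mysql_real_escape_string, or prepared statements) only protects the query, and addslashes/stripslashes only add or remove backslashes before quote characters; neither has anything to do with what the browser does with the text. The function names (e, render_message, render_reply_box, render_reply_box_stripped) and the two sample messages are my own, constructed for illustration; it assumes PHP 7 or later and a page served as UTF-8, and no database is touched.

```php
<?php
// Added example, not from the original thread. Assumes PHP 7+ and a UTF-8
// page. No database: $script_message and $attr_breakout stand in for rows
// read back from the messages table.
declare(strict_types=1);

// Encode text for an HTML context. ENT_QUOTES also encodes the single quote,
// so the same function is safe inside single- or double-quoted attributes.
// Passing the charset explicitly avoids relying on the runtime default.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// The body of a message, rendered as text inside an element.
function render_message(string $text): string
{
    return '<div class="message">' . e($text) . '</div>';
}

// The same text echoed back into an attribute, e.g. a "quote reply" box.
function render_reply_box(string $text): string
{
    return '<input type="text" name="reply" value="' . e($text) . '">';
}

// What many first attempts look like: strip the tags and hope. Kept here
// only to show why it is not enough.
function render_reply_box_stripped(string $text): string
{
    return '<input type="text" name="reply" value="' . strip_tags($text) . '">';
}

// Constructed inputs of the kind a hostile user would send through the
// message form. They are stored as-is; nothing is changed on the way in.
$script_message = '<script>alert(document.cookie)</script> hi <3 "you" & me';
$attr_breakout  = '" onfocus="alert(1)" autofocus="';

// Safe: the <script> tag is shown literally, quotes and & are encoded.
echo render_message($script_message), "\n";

// Safe: the double quotes are encoded, so the value cannot close the
// attribute and start a new one.
echo render_reply_box($attr_breakout), "\n";

// Not safe: strip_tags() finds no tags in $attr_breakout and returns it
// unchanged, so the browser sees a new onfocus attribute on the input and
// runs the script as soon as the field receives focus.
echo render_reply_box_stripped($attr_breakout), "\n";
```

The two numbered goals in the question (keep JavaScript and HTML out of the database) are not what stops the attack. Whatever is in the database, the browser only runs it if it is printed into the page un-encoded, so the rule is: escape at the point of output, in every template and in every context (element body, attribute value), with htmlspecialchars() as shown. If you additionally want to reject markup at input time you can, but that is a content policy on top of, not a substitute for, output escaping.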

Someone else posted this video earlier and it's pretty good. It's about 46 minutes long. Look for the PHP Security video....

http://videos.code2design.com/

This tutorial covers Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL injection, globals, and much more!