phrenic Posted October 23, 2008 Share Posted October 23, 2008 hey all. i've developed several web apps in my time, but i really havent hammered down the best way to handle xss attacks. this seems like the most obvious solution to me, but maybe im wrong. please give any input that comes to mind. use html_entities on all values in $_POST and $_GET when inserting data into mysql always use mysql_real_escape_string() when retrieving data from mysql its already xss safe thanks! Quote Link to comment https://forums.phpfreaks.com/topic/129805-xss-cross-site-scripting-your-opinion-wanted/ Share on other sites More sharing options...
CroNiX Posted October 23, 2008 Share Posted October 23, 2008 What you outlined is a good start. Check out the 'php security' video on this site...its pretty good. http://videos.code2design.com/ Quote Link to comment https://forums.phpfreaks.com/topic/129805-xss-cross-site-scripting-your-opinion-wanted/#findComment-672917 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.