What is the best way to prevent XSS, SQL injections and other forms of attacks when having forms in your PHP application?

I have always gone with the mysql_real_escape_string() and the htmlentities() for the SQL and XSS attacks...

It's just that I want to know the ways of fully (well, there will always be a way to get through it) sanitize your data input without the use of a database...

...and also the ways of fully sanitizing your input data with the use of a database.

If anyone could please shed some deeper detail on this, it would be great.

https://forums.phpfreaks.com/topic/174736-security/

Do client-side validation with JavaScript (for those who enable it) and then server side with the way you described it. You can also have a separate MySQL user account with specific grants for different forms. A login form would only need the select feature, and a registration form select/insert. In other words, don't allow delete permission when not needed. Some would argue that grants slow down your database execution times, but for a webapp I believe it to be a necessity.

https://forums.phpfreaks.com/topic/174736-security/#findComment-921062
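
The per-form MySQL accounts suggested in the reply above, written out as an added example that is not part of either post. The database, table, column and account names and the placeholder passwords are assumptions made for illustration; the grants are narrowed to column level, which goes one step beyond the table-level select/insert split the reply describes.

```sql
-- Constructed schema: a single users table behind a login and a registration form.
CREATE DATABASE IF NOT EXISTS webapp;

CREATE TABLE IF NOT EXISTS webapp.users (
    id            INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    username      VARCHAR(64)  NOT NULL UNIQUE,
    password_hash VARCHAR(255) NOT NULL,
    created_at    TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP
);

-- Account used only by the login form: read access, limited to the
-- columns the credential check needs. Passwords are placeholders.
CREATE USER 'form_login'@'localhost' IDENTIFIED BY 'CHANGE_ME_login';
GRANT SELECT (id, username, password_hash)
    ON webapp.users
    TO 'form_login'@'localhost';

-- Account used only by the registration form: SELECT to check whether a
-- username is taken, INSERT to create the row. id and created_at are
-- filled by the server defaults, so no INSERT privilege is needed on them.
CREATE USER 'form_register'@'localhost' IDENTIFIED BY 'CHANGE_ME_register';
GRANT SELECT (username),
      INSERT (username, password_hash)
    ON webapp.users
    TO 'form_register'@'localhost';

-- Review what each account can actually do before wiring it into a form.
SHOW GRANTS FOR 'form_login'@'localhost';
SHOW GRANTS FOR 'form_register'@'localhost';

-- Neither account holds UPDATE, DELETE or DROP, so an injected statement
-- reaching either connection is limited to the privileges listed above.
```

Each form's PHP script then connects with its own account, so a flaw in the login form's input handling cannot be used to modify or delete rows.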