dprichard Posted January 29, 2008

Okay, I am just learning about cross-site scripting and was trying to clear up some questions I have. When I have user-submitted information and it is going into a database, I have been using mysql_real_escape_string to stop SQL injections. I have just recently learned about XSS and am trying to make sure I understand when and how to protect my sites and users from this.

1. When I insert data into a database, do I need to just use mysql_real_escape_string, or do I also need to filter the data for XSS input?
2. To filter for XSS, is it okay to just use htmlspecialchars, or do I need to use a special function as well?
3. I found this function at quickwired. Is this sufficient, and if I use this, should I not use htmlspecialchars, or should I use both? http://quickwired.com/smallprojects/php_xss_filter_function.php

Sorry if I sound like a noob, but I want to make sure I have just started hand coding everything versus using Dreamweaver coding and want to make sure I handle this the right way.
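An added example, not part of the original post: the three questions turn on SQL escaping and HTML escaping being separate jobs done at separate points, so this sketch stores the raw value through a bound parameter and encodes it with htmlspecialchars only when it is written into a page. It assumes PHP 8 with the pdo_sqlite extension; an in-memory SQLite table stands in for MySQL, PDO prepared statements stand in for mysql_real_escape_string (the old mysql extension was removed in PHP 7), and the table, function names and sample input are constructed for illustration.

```php
<?php
// Added example, not code from the original post.
// Assumes PHP 8 with pdo_sqlite; SQLite in memory stands in for MySQL.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input: a single quote (SQL metacharacter) together
// with markup, an ampersand and double quotes (HTML metacharacters).
$input = "O'Brien says <script>alert(1)</script> & \"hi\"";

// SQL context: the value travels as a bound parameter, so it can never be
// parsed as SQL. No HTML filtering happens on the way into the database.
function save_comment(PDO $pdo, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// HTML context: encode at the moment the value is written into markup.
// ENT_QUOTES also encodes single quotes, which matters inside attributes.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$id = save_comment($pdo, $input);
$stmt = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
$stmt->execute([':id' => $id]);
$stored = (string) $stmt->fetchColumn();

// Check 1: the database returns exactly what the user submitted.
var_dump($stored === $input);

// Check 2: SQL-literal quoting deals only with SQL metacharacters, so the
// script tag is still present in the quoted string.
var_dump(str_contains($pdo->quote($input), '<script>'));

// Check 3: after HTML encoding, no literal tag remains in the output.
$out = html($stored);
var_dump(str_contains($out, '<script>'));
echo '<p>', $out, "</p>\n";
```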