XSS Cross Site Scripting Function SQL Injections


dprichard

Okay, I am just learning about cross-site scripting and was trying to clear up some questions I have. When I have user-submitted information and it is going into a database, I have been using mysql_real_escape_string to stop SQL injections. I have just recently learned about XSS and am trying to make sure I understand when and how to protect my sites and users from this.

1. When I insert data into a database, do I need to just use mysql_real_escape_string, or do I also need to filter the data for XSS input?

2. To filter for XSS, is it okay to just use htmlspecialchars, or do I need to use a special function as well?

3. I found this function at quickwired. Is this sufficient, and if I use this, should I not use htmlspecialchars, or should I use both?

http://quickwired.com/smallprojects/php_xss_filter_function.php

Sorry if I sound like a noob, but I have just started hand-coding everything versus using Dreamweaver coding and want to make sure I handle this the right way.

Archived

This topic is now archived and is closed to further replies.
