random1 Posted February 23, 2008 Share Posted February 23, 2008 Hi All, I've got the following code for XSS and JS Injection filtering: /** * Validator::filterJavascriptInjection() * Filters a string to prevent Javascript Injection attacks. * @param mixed $data * @return $outputdata */ function filterJavascriptInjection($data) { // Source: http://www.avengex.com/tutorials/115/Preventing_XSS/ return $outputdata = preg_replace("#<script#is","<//script",$data); } /** * Validator::filterJavascriptInjection() * Filters a string to prevent Cross-site Scripting (XSS) attacks. * @param mixed $data * @return $outputdata */ function filterXSS($data) { // Source: http://www.avengex.com/tutorials/103/Simple_but_effective_user_input_securing/ $outputdata = htmlspecialchars($data); //$input will now contain the ascii equivalents to all html chars like < $outputdata = addslashes($outputdata); //this will add slashes to negate the effect of an sql injection $outputdata = stripslashes($outputdata); //this now removes all the funny slashes. BUT the code is still safe for a browser return $outputdata; } This doesn't seem to be working properly. Also how do I protect my app against SQL Injection? Quote Link to comment Share on other sites More sharing options...
drisate Posted February 23, 2008 Share Posted February 23, 2008 You can find a solution in this topic http://www.phpfreaks.com/forums/index.php/topic,183741.0.html Hey Barand you should stiky a version on that code roopurt18 did lol (gona ask again and again lol) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.