mikefrederick, posted February 24, 2008:

I understand what XSS is and I have done it before, and am looking for clarification on how to prevent it... Should I never echo any $_GET variables in a page and instead put them in a mysql_query when possible, or what?

tippy_102, posted February 24, 2008:

You should never trust data that has been entered from an outside source. Clean everything, and you will be safe. Don't enter anything into your database before sanitizing. You can echo the GET data, but clean it first.

Bauer418, posted February 24, 2008:

You'll want to run htmlentities() before displaying external data, and mysql_real_escape_string() before entering it into a database. On top of that, you should be doing your own manual checks on data before letting it go through your site.

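As an added example (not code posted in this thread): the htmlentities() call and the manual check suggested above, applied to echoed $_GET values. The helper names h() and page_number() and the sample request values are hypothetical and constructed; database escaping is not shown.

```php
<?php
// Added example, not code from the thread. Function names and sample
// values below are hypothetical; the request data is constructed.

// Escape at output time for an HTML body or quoted-attribute context.
// ENT_QUOTES also encodes ' and ", which matters inside attributes.
function h(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Manual check": accept only what the field is supposed to contain.
// Returns the validated integer, or null if the input is not a page number.
function page_number($raw): ?int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 10000]]);
    return $n === false ? null : $n;
}

// Constructed stand-in for $_GET so the script runs from the CLI.
$get = [
    'name' => '<script>alert(1)</script>',
    'q'    => '" onmouseover="alert(1)',
    'page' => '2; DROP TABLE users',
];

$page = page_number($get['page'] ?? null);

// HTML body context: markup in the value is rendered as text.
echo '<p>Hello, ' . h($get['name']) . "</p>\n";

// Quoted attribute context: the encoded quote cannot close value="...".
echo '<input type="text" name="q" value="' . h($get['q']) . "\">\n";

// Validated value: rejected input falls back to a default instead of being echoed.
echo '<p>Page ' . ($page ?? 1) . "</p>\n";
```

htmlentities() covers HTML body and quoted-attribute output only; a value placed inside a script block, an unquoted attribute, or a URL needs encoding appropriate to that context.
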
This topic is now archived and is closed to further replies.