Morning all,
I am quiet a novice when it comes to php, only been coding for about 2-3 months, and I really havent encountered any issues, the site im working on uses parameters in URLS (e.g. test.php?s=222200ssskkk)
However when I run my site through Acunetixs i get XSS and HPP issues, I have tried applying some php code to prevent this at the $_GET point on the pages that use the params,
this is my code
$s = ereg_replace('#\W#', "",htmlentities(substr(strip_tags($_GET['s']),0,50),ENT_QUOTES));
however it would appear that acunetix is changing the value of $_GET['s'] before it hits these so the XSS and HTTP p issues still arise?
Can anyone advise how i should sanitize this first?
also on a similar issue i use the string above to sanitize before saving to mySQL database, yet i still see characters like () :// and such, what have i missed here?
Steve
x