I have a simple contact form with name, email, a select list and a textarea. In my mailer PHP script I am trying to add a simple filter to prevent SQL injection or other forms of hacking.
For example, I am using
    $name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_SPECIAL_CHARS);
Is that good?

First of all, I'll tell you that about 85% of the security practices are done with 2 functions.
First, if someone sends some data to your site, such as $_POST['name'], and you want to use this value back on the HTML side, such as <p>The string: {$_POST['name']} is invalid</p>, then you should always make sure that the value is passed through it; this will protect you from most XSS attempts.
Next is injection: if $_POST['name'] is going to your database, just make sure you use it for that value. This will give you 100% protection from SQL injection, but this does not mean that your DB cannot run commands from the user.
This is called validation and is only needed to ensure that the data submitted is what you want from the user; for example, filter_var will be used to validate that the email they entered is actually an email, or something, blah blah.
I usually have a clean function to make sure that all input data is cleaned with htmlspecialchars.
Example:
    function clean($array) {
        foreach ($array as $key => $val) {
            if (is_array($val)) {
                $array[$key] = clean($val); // recursive
            } else {
                $array[$key] = htmlspecialchars($val, ENT_QUOTES);
            }
        }
        return $array;
    }
Then do the following to ensure that you are safe from XSS:
    $_GET = clean($_GET);
    $_POST = clean($_POST);
So if anyone attempts to submit the value <a href='test'>Test</a>, it becomes &lt;a href=&#039;test&#039;&gt;Test&lt;/a&gt;
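The following is an added example, not code from the question or the answer above, showing the three separate steps the answer talks about for this kind of contact form: validating the fields, putting the values into the database, and escaping them when they go back into HTML. It assumes a PDO connection to an in-memory SQLite database standing in for the real mailer or database, and form fields named name, email, subject and message; the table name, the allowed subject values and the sample input are all constructed for the example. It uses a prepared statement for the database step (the answer does not name a specific function for that) and calls htmlspecialchars at the point of output rather than on the whole $_POST array.

```php
<?php
// Added example (not the original poster's or answerer's code): a contact-form
// handler that keeps validation, storage and output escaping apart.
// Assumptions: an in-memory SQLite database via PDO stands in for the real
// mailer/DB; the form fields are name, email, subject and message.

declare(strict_types=1);

// 1. Validation: reject data that is not what the form expects.
function validateContact(array $post): array
{
    $errors = [];
    $name = trim((string)($post['name'] ?? ''));
    if ($name === '' || mb_strlen($name) > 100) {
        $errors['name'] = 'name must be 1-100 characters';
    }
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'not a valid email address';
    }
    // The select list allows a fixed set of values (constructed); anything else is rejected.
    $allowedSubjects = ['sales', 'support', 'other'];
    $subject = $post['subject'] ?? '';
    if (!in_array($subject, $allowedSubjects, true)) {
        $errors['subject'] = 'unknown subject';
    }
    $message = trim((string)($post['message'] ?? ''));
    if ($message === '' || mb_strlen($message) > 2000) {
        $errors['message'] = 'message must be 1-2000 characters';
    }
    $row = ['name' => $name, 'email' => $email, 'subject' => $subject, 'message' => $message];
    return [$errors, $row];
}

// 2. Storage: a prepared statement keeps user data out of the SQL text, so quotes
//    in the name or message cannot change the query. The raw value is stored as-is.
function storeContact(PDO $db, array $row): int
{
    $stmt = $db->prepare(
        'INSERT INTO contacts (name, email, subject, message) VALUES (:name, :email, :subject, :message)'
    );
    $stmt->execute($row);
    return (int)$db->lastInsertId();
}

// 3. Output: escape at the point where the value is put into HTML.
function renderConfirmation(array $row): string
{
    $safeName = htmlspecialchars($row['name'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p>Thanks, {$safeName}, your message was received.</p>";
}

// Demo with constructed input that contains both a script tag and single quotes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT, email TEXT, subject TEXT, message TEXT)');

$post = [
    'name'    => "O'Brien <script>alert(1)</script>", // constructed sample input
    'email'   => 'obrien@example.com',
    'subject' => 'support',
    'message' => "Hello' OR '1'='1",
];

[$errors, $row] = validateContact($post);
if ($errors) {
    foreach ($errors as $field => $msg) {
        echo "$field: $msg\n";
    }
    exit(1);
}
$id = storeContact($db, $row);
echo renderConfirmation($row), "\n";

// Read back: the stored name is the raw, unescaped string, because escaping
// belongs to the output step, not to storage.
$check = $db->prepare('SELECT name FROM contacts WHERE id = :id');
$check->execute(['id' => $id]);
var_dump($check->fetchColumn() === $post['name']);
```

Run it with php from the command line. The select-list value is checked against a fixed list rather than sanitised, the email is validated with FILTER_VALIDATE_EMAIL rather than rewritten, and the same name is stored unchanged but comes out of renderConfirmation with its angle brackets and quotes encoded, which is what separates the database concern from the HTML concern.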