What is the best way to clear information from the public?

So, I have a form that accepts some input from a user, which can later be presented on the page.

The way I plan to do this, from a security point of view, is to take the input, apply the mysql_real_escape_string() function to all inputs, and then insert it using a prepared statement.

When retrieving the data, I will apply htmlspecialchars() before presenting it on the screen.

Will this be okay? Am I missing something important?


Two things:

  • You should avoid entering all data before sending it to the database. For this:
    • mysql_real_escape_string
    • @longneck
  • HTML, htmlspecialchars, htmlentities.

HTML.

HTML, HTMLPurifier.

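An added example (not code from the thread) of the pattern the answer recommends: the input is stored unchanged through a prepared statement, and it is encoded with htmlspecialchars() only at the point where it becomes HTML. It uses PDO with an in-memory SQLite database so it runs offline; the CommentStore class and render_comment() function are names chosen here for illustration.

```php
<?php
declare(strict_types=1);

// Assumed for this example: PDO over in-memory SQLite; with MySQL only the
// DSN in the constructor call at the bottom would change.
final class CommentStore
{
    private PDO $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
        $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->db->exec(
            'CREATE TABLE IF NOT EXISTS comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)'
        );
    }

    // The value goes in exactly as the user typed it. A bound parameter is
    // sent separately from the SQL text, so no escaping is needed; escaping
    // first (as in the question) would store the added backslashes as data.
    public function add(string $body): void
    {
        $stmt = $this->db->prepare('INSERT INTO comments (body) VALUES (:body)');
        $stmt->execute([':body' => $body]);
    }

    /** @return string[] raw comment bodies in insertion order */
    public function all(): array
    {
        return $this->db
            ->query('SELECT body FROM comments ORDER BY id')
            ->fetchAll(PDO::FETCH_COLUMN);
    }
}

// Output encoding belongs at the HTML boundary. ENT_QUOTES also encodes
// single quotes, so the value is safe inside single-quoted attributes as
// well as in element content; ENT_SUBSTITUTE avoids an empty string on
// invalid UTF-8 input.
function render_comment(string $body): string
{
    return '<li>' . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</li>';
}

// Constructed sample input containing both a quote and markup.
$store = new CommentStore(new PDO('sqlite::memory:'));
$store->add("O'Reilly wrote: <script>alert(1)</script>");
foreach ($store->all() as $body) {
    echo render_comment($body), "\n";
}
```

Reading the row back shows the quote stored without a backslash, and the rendered line shows the markup encoded rather than interpreted.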

Source: https://habr.com/ru/post/1717362/
