The code -
$price = mysqli_real_escape_string($connect,trim($results['price']));
the price is retrieved from the database and then repeated using -
echo $price;
Question. How safe is it for XSS or SQL Injection? It just includes numbers.
thank
Validation should probably be performed during data entry, but you can be safe and also validate on exit. I would just use is_numericor something similar to ensure that the output is really a number.
is_numeric
htmlspecialchars() htmlentities() XSS. , , , . .
htmlspecialchars()
htmlentities()
, , $results['price'] .
$results['price']
/ SQL.
db, mysqli_real_escape_string(). , db.
mysqli_real_escape_string() , , SQL. XSS.
htmlentities(), , . is_numeric .
Source: https://habr.com/ru/post/1795335/More articles:Migration from YUI2 to YUI3 and early - domreadyUITableView does not respond to scrolling and touches - iosProblem with ASP.NET application pointing to wrong database - sql-serverProblem with PHP and MySQL (mysql_query) - phpHow do I know if a user has changed to save state if necessary? - c #https://translate.googleusercontent.com/translate_c?depth=1&pto=aue&rurl=translate.google.com&sl=ru&sp=nmt4&tl=en&u=https://fooobar.com/questions/1795336/are-these-jquery-element-tests-totally-unnecessary&usg=ALkJrhjUxNxLIneRYnxsUoPGQUtX0Y2K9QКак использовать аутентификацию Google App для пользовательского веб-приложения PHP? - phpIn Java, empty HashMap space allocation - javaНаследование из базового класса System.Web.UI.UserControl - inheritanceАвтоматический вход с учетной записью Active Directory в С# ASP.Net Website - authenticationAll Articles