I want to protect my site from hacking. Currently I know about XSS and SQL injection.
Do I need to use mysqli instead of mysql? And why?
When should I use
I also don't want users to upload melicious files and since I accept file uploading, is it enough to check file type? If not what can I do to prevent this?
My website runs on PHP, is there anything else I should worry about?