
I want to protect my site from hacking. Currently I know about XSS and SQL injection.

Do I need to use mysqli instead of mysql? And why?

When should I use htmlentities() and striptags()?

I also don't want users to upload malicious files, and since I accept file uploading, is it enough to check file type? If not, what can I do to prevent this?

My website runs on PHP, is there anything else I should worry about?

Last Post by alan.davies

I'm afraid this is a huge list that would take a huge amount of work to explain. Perhaps you should ask a series of simple questions, all with suitable titles, so that they can be searched and accessed easily by others.
