Security matters. How can I guard against things like SQL injection or cross-site scripting? It will be really helpful if somebody could help.

The best way to prevent SQL injection attacks is to make sure that all strings passed into SQL queries, especially if they are derived from user-generated input, are properly escaped. If using MySQL with PHP, you can use the mysqli::real_escape_string() function. Other databases have equivalent functions.

To prevent cross-site scripting attacks, you similarly want to make sure that all text derived from user-generated input is HTML escaped. If using PHP, you can use the htmlspecialchars() function.
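A worked PHP example of the two steps the answer describes (added here; not code from the original post). It assumes a mysqli connection and a hypothetical `users` table with `id`, `name` and `bio` columns, and it also shows the same lookup as a mysqli prepared statement, where the value never enters the SQL text at all.

```php
<?php
// Added example: escaping for SQL and for HTML output, in PHP.
// Assumed names: connection credentials, the "users" table and its
// columns are hypothetical and not taken from the original post.

$db = new mysqli('localhost', 'app_user', 'secret', 'app_db');
// real_escape_string() escapes according to the connection charset,
// so set it explicitly instead of relying on the server default.
$db->set_charset('utf8mb4');

// 1. SQL injection: escape every string placed inside a quoted literal.
function find_user_by_name(mysqli $db, string $name): ?array
{
    $safe = $db->real_escape_string($name); // escapes ' " \ NUL \n \r ^Z
    $sql  = "SELECT id, name, bio FROM users WHERE name = '$safe'";
    // Caveat: this only protects values wrapped in quotes. A bare number
    // (WHERE id = $id) needs a cast such as (int) $id or a prepared statement.
    $res = $db->query($sql);
    return $res->fetch_assoc() ?: null;
}

// Same query as a prepared statement: the parameter is sent separately
// from the SQL text, so no escaping step is needed for it.
function find_user_by_name_prepared(mysqli $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name, bio FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;
}

// 2. XSS: HTML-escape every user-derived string before echoing it.
function h(string $text): string
{
    // ENT_QUOTES escapes ' as well as ", so the result is safe in element
    // content and in attribute values quoted with either character.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input chosen to exercise both escapes at once.
$input = "O'Brien <script>alert(1)</script>";
$user  = find_user_by_name_prepared($db, $input) ?? ['name' => $input, 'bio' => ''];

echo '<p>Hello, ' . h($user['name']) . '</p>';
```

The HTML escape is applied at output time, not when the value is stored, so the same stored string can later be emitted safely into a different context (JSON, a URL) with the escaper appropriate to that context.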
