PHP Security: XSS & SQL Injection

Asked Aug 27 '14 at 07:54

Active Aug 27 '14 at 07:54

Viewed 42 times

I wanted to know what is the best way to prevent SQL Injection & XSS in PHP.

To prevent SQL Injection, we can escape the user input using mysql_real_escape_string() along with strip_tags(). Can we do anything else to make it more secure.

And, to prevent XSS, we can use strip_tags() along with strong data validation at server side.

Also, while sending the output to browser, we can use htmlspecialchars() to prevent the browser from applying any unintended meaning to any special sequence of characters that may be found.

Anybody can tell me, what else can be done to prevent the same?

asked Aug 27 '14 at 07:54

user2538076

[What are the best practices for avoiding xss attacks in a PHP site](http://stackoverflow.com/q/71328/476) – deceze Aug 27 '14 at 07:58
[The Great Escapism (Or: What You Need To Know To Work With Text Within Text)](http://kunststube.net/escapism/) – deceze Aug 27 '14 at 07:59

PHP Security: XSS & SQL Injection

0 Answers0