8

Possible Duplicate:
What are the best practices for avoid xss attacks in a PHP site

I need to prevent XSS attacks in PHP code, is there nay good and easy library for this?

Community
  • 1
  • 1
newbie
  • 24,286
  • 80
  • 201
  • 301

5 Answers5

11

Security is not a product. It's a process.

If you rely on a library for security you're doomed to being attacked one time or another.

Anyway, you could sanitize your inputs with standard php functions (i.e. htmlspecialchars())

Federico klez Culloca
  • 26,308
  • 17
  • 56
  • 95
4

There are lots of PHP functions that can assist you in preventing XSS attacks. Take a look at these:

strip_tags

http://php.net/manual/en/function.strip-tags.php

htmlspecialchars

http://php.net/manual/en/function.htmlspecialchars.php

Finbarr
  • 31,350
  • 13
  • 63
  • 94
  • htmlentities is better to be removed from the list. as this function is obsolete and dirty – Your Common Sense Apr 16 '10 at 10:38
  • Such a torrent of dirty functionality that it is hard to keep up with what is actually usable in PHP. – Finbarr Apr 16 '10 at 11:59
  • Um, what? htmlentities is alive and well, and usually preferrable to htmlspecialchars http://php.net/manual/en/function.htmlentities.php – Kzqai Feb 26 '13 at 21:59
1

Theres alot of good answers on google, first one I found; http://codeassembly.com/How-to-sanitize-your-php-input/

My main advice would be to consider every input as a direct attack.

So convert to html characters. Add slashes.

azz0r
  • 3,283
  • 7
  • 42
  • 85
0

http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

Ivan
  • 1
-2

htmlspecialchars()

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345