-3

I have 2 fields(text box in html form) user_name and password.

example= <?php
$mail = $_POST['mail'];
$pswrd = $_POST['passwrd']; $addtouser = $mysqli->query("INSERT INTOuser_table(emails,passwordss) VALUES ('$mail', '$pswrd')"); ?>

How to secure Password field from SQL Injection and XSS (Cross Site Scripting) in php 5.6 and mysql on INSERT and select query ?
is password field accept all special characters like as " , ' , > etc ?
‌i am new in php, ‌i need full example code and security tips that prevent password field from sql injection and xss.
sorry for bad typing. i am new in stackoverflow. Thanks in advance !!!

hitakb
  • 11
  • 5
  • 1
    there's a lot to this question really. Hash the password before storing it, re-hash login attempts to compare against the db version. Use https. limit login attempts to prevent brute force... the list goes on. – Chase Florell May 02 '18 at 17:18
  • 1
    you're going to get down votes and close votes with your question in it's current state. I suggest editing your question to make it clear what you've tried and what your direct issue is. – Chase Florell May 02 '18 at 17:20

1 Answers1

-1

Prepared statements are one of the best ways to prevent SQL injections. i.e..xss,

using PDO, have a look at this page

php.net/manual/en/pdo.prepared-statements.php

PHP's input filters

https://coding.smashingmagazine.com/2011/01/keeping-web-users-safe-by-sanitizing-input-data/

sanitization functions

http://php.net/manual/en/filter.filters.php

similimar question:

What's the best method for sanitizing user input with PHP?

What are the best PHP input sanitizing functions? How can I prevent SQL injection in PHP?

Diego Avila
  • 700
  • 7
  • 24