I have to check something here, I know that they are filtered with some code, they are same as input The code gets in the line, here I have done after receiving the code, in sequential order, is it also acceptable? Or do I have to find anything to filter data in a row and avoid data at the same time to get the data? Here's a sample that's talking about ...
// Get the data and to stop the XSS attack, $ user = htmlentities ($ _ POST ['email'] , ENT_QUOTES, 'UTF-8'); $ Pass = HTMLentities ($ _ POST ['pass'], ENT_QUOTES, 'UTF-8'); // MySQL injection prevention $ userdata = mysql_real_escape_string ($ user); $ Passdata = mysql_real_escape_string ($ pass); Thoughts?
The main reason I am trying to get a MySQL injection attempts and avoid here < mysql_real_escape_string Use for p> There are some cases where invalid multi-byte encoding using SQL attacks ( "code adds Is not contrary to, this can be done with such attack with mysql_real_escape_string ) if only characters are encoded You should also use it when you interact with MySQL.
Regarding XSS, consider consolidating.
HTML Prufifayr not a standard-compliant HTML filter written in PHP library HTML Prufr not only known fully audit all malicious code (better XSS safe and acceptable whitelist) will be reduced, it RT Will ensure that your document standards, something that can only be achieved with extensive knowledge of the specifications of the W3C.
Comments
Post a Comment