xss
How to clean a variable against XSS and SQL injection attacks
By liviu - Posted on December 8th, 2008
How to clean a variable against XSS and SQL injection attacks?
This should be quite effective:
$var=mysql_real_escape_string(trim(htmlspecialchars(strip_tags($_GET['var']))));
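A context-specific variant of the one-liner above, as an added example that is not the blog author's code: the value is bound as a query parameter for SQL and HTML-encoded only at output. It assumes PHP 7 or later with the pdo_sqlite extension (the mysql_* functions used in the post were removed in PHP 7); the comments table, the h() helper and the sample input are hypothetical.

```php
<?php
// Added example, not the blog author's code. Assumes PHP 7+ with pdo_sqlite;
// the table, column and sample value are constructed for illustration.

// Stand-in for $_GET['var'] (constructed sample input).
$input = "O'Brien <b>5 < 6</b>";

// In-memory SQLite stands in for the MySQL database the post targets.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// SQL context: bind the raw value as a parameter. It never becomes part of
// the SQL text, so no escaping function is needed.
$stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => trim($input)]);

$stored = $db->query('SELECT body FROM comments WHERE id = 1')->fetchColumn();

// HTML context: encode when writing into the page, not when storing.
// ENT_QUOTES also encodes single quotes, which matters inside attributes.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

echo 'stored:  ', $stored, PHP_EOL;
echo 'as HTML: ', '<p>', h($stored), '</p>', PHP_EOL;

// For comparison, the HTML half of the one-liner applied at input time
// changes the data before it is stored.
echo 'filtered at input: ', htmlspecialchars(strip_tags($input)), PHP_EOL;
```

The stored row keeps the original text byte for byte, and the same h() call can be reused wherever the value is written into HTML.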
How to protect against XSS and CSRF attacks?
By liviu - Posted on December 8th, 2008
How do CSRF attacks work?
An example:
Suppose that you have a page that deletes users, like user_delete.php?id= . On that page you take the id, verify in the session that the user has access to delete that user, and then delete the user.