Ways I can protect my site excluding XSS and SQL injection?

Happy的楠姐 2021-02-10 00:38


So, members of my website can post topics, replies, comments, edit them and so on. I always use htmlspecialchars and addslashes for HTML inputs to

6 answers
  •  伪装坚强ぢ
    2021-02-10 01:26

    You should use prepared statements (see PDO) to prevent SQL injection. When outputting the content htmlspecialchars() seems sufficient to prevent XSS.

    Also take a look at these links for more ways to protect your site:

    http://phpsec.org/projects/guide/

    http://cwe.mitre.org/top25/#Listing

    http://www.owasp.org/index.php/Top_10_2010-Main
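
The approach recommended in the answer above, as an added example that is not part of the original thread: user posts are stored through PDO prepared statements with no `addslashes()`, and `htmlspecialchars()` is applied only when the text is written into HTML. The `comments` table, the `addComment()` and `renderComments()` helpers and the sample posts are constructed for illustration; it assumes the `pdo_sqlite` extension so that it runs without a database server.

```php
<?php
declare(strict_types=1);

// In-memory SQLite keeps the example self-contained; a MySQL DSN works the same way
// (with MySQL, also consider setting PDO::ATTR_EMULATE_PREPARES to false).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (
    id INTEGER PRIMARY KEY,
    topic_id INTEGER NOT NULL,
    author TEXT NOT NULL,
    body TEXT NOT NULL
)');

function addComment(PDO $pdo, int $topicId, string $author, string $body): void
{
    // Placeholders keep user data out of the SQL text, so the raw value is stored
    // exactly as typed and no addslashes() call is needed.
    $stmt = $pdo->prepare(
        'INSERT INTO comments (topic_id, author, body) VALUES (:topic, :author, :body)'
    );
    $stmt->execute([':topic' => $topicId, ':author' => $author, ':body' => $body]);
}

function renderComments(PDO $pdo, int $topicId): string
{
    $stmt = $pdo->prepare(
        'SELECT author, body FROM comments WHERE topic_id = :topic ORDER BY id'
    );
    $stmt->execute([':topic' => $topicId]);

    $html = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // Escape at output time, for the HTML context, with explicit flags and charset.
        $author = htmlspecialchars($row['author'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $body   = htmlspecialchars($row['body'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html  .= "<article><h4>{$author}</h4><p>{$body}</p></article>\n";
    }
    return $html;
}

// Constructed sample posts: an apostrophe that would break a concatenated query,
// plus markup and quotes that must be shown as text rather than interpreted.
addComment($pdo, 1, "O'Brien", 'I <b>like</b> this & "that"');
addComment($pdo, 1, 'guest', "it's stored as typed, without added backslashes");

echo renderComments($pdo, 1);
```

Because escaping happens only on output, editing a post later reads back the original text rather than a copy that already contains backslashes or HTML entities.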
