What are the best practices for avoiding xss attacks in a PHP site

前端 未结 20 2353
佛祖请我去吃肉
佛祖请我去吃肉 2020-11-22 02:34

I have PHP configured so that magic quotes are on and register globals are off.

I do my best to always call htmlentities() for anything I am outputing that is derive

20条回答
  •  北恋
    北恋 (楼主)
    2020-11-22 03:13

    I find that using this function helps to strip out a lot of possible xss attacks: http://www.codebelay.com/killxss.phps

提交回复
热议问题