Re: advice on sql injection/XSS prevention

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

on 04/05/2007 11:17 AM Bing Du said the following:
> Hi,
> 
> I'm not an experienced PHP developer.  We're hosting a content management
> system that allow authorized people to add PHP contents.  Their PHP coding
> levels varies.  Some are very security sensitive, but some are not.  I
> want to know if PHP has any ready-to-use funtion to validate form input to
> help prevent SQL injection/XSS?  So each programmer doesn't have to write
> their own form validation code.  I'd appreciate any advice or pointers.

You may want to take a look at this article. It explains the security
problems of publishing unaudited HTML and how XSS can be prevented even
without filtering.

http://www.phpclasses.org/blog/post/55-Improved-browsing-and-cross-site-scripting-prevention.html

-- 

Regards,
Manuel Lemos

Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux