Hello,

on 04/05/2007 11:17 AM Bing Du said the following:
> Hi,
>
> I'm not an experienced PHP developer. We're hosting a content management
> system that allows authorized people to add PHP contents. Their PHP coding
> levels vary. Some are very security sensitive, but some are not. I
> want to know if PHP has any ready-to-use function to validate form input to
> help prevent SQL injection/XSS? So each programmer doesn't have to write
> their own form validation code. I'd appreciate any advice or pointers.

You may want to take a look at this article. It explains the security
problems of publishing unaudited HTML and how XSS can be prevented even
without filtering.

http://www.phpclasses.org/blog/post/55-Improved-browsing-and-cross-site-scripting-prevention.html

--

Regards,
Manuel Lemos

Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php