What are the best practices to prevent SQL injections
I have done some research and am still confused. This is my outcome of that research. Can someone please comment and advise on how I can make these better, or if there is a rock-solid implementation...
PHP Prevent XSS
Is htmlentities the best solution to prevent XSS in PHP? Also I would like to allow simple tags like b, i, a and img. What would be the best solution to implement this? I did consider BBCode but found out...
Using DOMDocument to Parse HTML with JS code
I take HTML in as a string and then I parse it to change all href links to something else. This works; however, when the HTML page has some JS script tags, i.e. ... gets changed to: [removed][removed]...
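The two questions above (allowing only b, i, a and img while stopping XSS, and rewriting href links with DOMDocument without script tags getting in the way) are really the same job: parse the markup, keep an allowlist of elements and attributes, drop everything else, and only then rewrite links. The following is an added example written for this page, not code from either question; the `/go?u=` redirect endpoint and the allowlist contents are assumptions, and the sample input is constructed.

```php
<?php
// Allowlist-based HTML sanitizer on DOMDocument (added example, not the
// askers' code). Keeps only b, i, a and img; unwraps unknown elements but
// keeps their text; removes <script>/<style> with their content; strips
// every attribute not on the allowlist; restricts href/src to http(s);
// and rewrites surviving hrefs through a hypothetical redirect endpoint.

const ALLOWED = [
    'b'   => [],
    'i'   => [],
    'a'   => ['href'],
    'img' => ['src', 'alt'],
];

// Only absolute http/https URLs survive; javascript:, data:, vbscript: do not.
function safe_url(string $url): ?string {
    $url = trim($url);
    if (!preg_match('#^https?://#i', $url)) {
        return null;
    }
    return filter_var($url, FILTER_VALIDATE_URL) ?: null;
}

function sanitize_html(string $html, callable $rewriteHref): string {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);              // tolerate sloppy markup
    // The XML prolog tells libxml the input is UTF-8 so multibyte text
    // (the "oriental characters" case) survives the round trip intact.
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>');
    libxml_clear_errors();

    $body = $doc->getElementsByTagName('body')->item(0);
    sanitize_node($body, $rewriteHref);

    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

function sanitize_node(DOMNode $node, callable $rewriteHref): void {
    // Iterate over a snapshot: the live childNodes list changes as we edit.
    foreach (iterator_to_array($node->childNodes, false) as $child) {
        if ($child instanceof DOMElement) {
            $tag = strtolower($child->tagName);
            if (!isset(ALLOWED[$tag])) {
                if ($tag === 'script' || $tag === 'style') {
                    $node->removeChild($child);     // drop the content too
                } else {
                    // Unknown tag (p, div, ...): keep its sanitized children.
                    sanitize_node($child, $rewriteHref);
                    while ($child->firstChild) {
                        $node->insertBefore($child->firstChild, $child);
                    }
                    $node->removeChild($child);
                }
                continue;
            }
            // Strip everything not allowlisted: onclick, style, onerror, ...
            foreach (iterator_to_array($child->attributes, false) as $attr) {
                $name = strtolower($attr->name);
                if (!in_array($name, ALLOWED[$tag], true)) {
                    $child->removeAttribute($attr->name);
                } elseif ($name === 'href' || $name === 'src') {
                    $url = safe_url($attr->value);
                    if ($url === null) {
                        $child->removeAttribute($attr->name);
                    } else {
                        $child->setAttribute($attr->name,
                            $name === 'href' ? $rewriteHref($url) : $url);
                    }
                }
            }
            sanitize_node($child, $rewriteHref);
        } elseif (!($child instanceof DOMText)) {
            $node->removeChild($child);             // comments, CDATA, PIs
        }
    }
}

// Constructed sample input, including the script-tag case from the question.
$input = '<p>Hi <b onclick="x()">there</b><script>alert(1)</script>'
       . '<a href="javascript:alert(1)">bad</a> '
       . '<a href="http://example.com/">ok</a><img src="data:text/html,x"></p>';

$rewrite = fn(string $url): string => '/go?u=' . rawurlencode($url);
echo sanitize_html($input, $rewrite), PHP_EOL;
```

Two points worth noticing. First, the decision is made on the parsed tree, never on the serialized string, so nested or malformed tags cannot smuggle anything past a regex; this is also why htmlentities alone cannot help once you want to allow markup. Second, the URL check runs before the rewrite, so the redirect endpoint only ever receives http(s) targets. For a production site the same design is available ready-made in HTML Purifier, which handles many more edge cases than this example.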
How to deal with oriental characters? [closed]
How do you deal with crazy characters that do not have a special meaning for the browser, and thus htmlspecialchars() won’t catch them (I mean they are XSS safe), but they break your site’s appearance...
CodeIgniter HTML to database question
I’m working on a website which allows users to submit blog posts; however, there seems to be a little problem. I’m using global_xss_filtering (TRUE) so everything will be filtered out. But, when I’m...
How to block all users from a site in case of emergency?
I’m developing a game in PHP+MySQL that is hosted on shared web hosting. I’m very concerned about security, because in games it is very common that some people try to cheat or break the game. Until now,...
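On shared hosting you usually cannot touch the web server configuration, so the switch has to live in PHP and run before anything else in the single front controller. The following is an added example, not the asker's game code; the flag-file location, the `private/` directory outside the web root and the operator bypass cookie are all assumptions.

```php
<?php
// Emergency lockdown check for the front controller (added example). Place
// this as the very first include, before sessions, database or game logic.
// Enable with:  touch private/LOCKDOWN      Disable with:  rm private/LOCKDOWN
// The flag lives outside the web root so it cannot be fetched or guessed.

const LOCKDOWN_FLAG      = __DIR__ . '/../private/LOCKDOWN';
const BYPASS_HASH_FILE   = __DIR__ . '/../private/bypass.sha256';
const BYPASS_COOKIE      = 'ops_bypass';

function lockdown_active(): bool {
    return file_exists(LOCKDOWN_FLAG);
}

// The operator's bypass token is never stored in code: only its SHA-256 is
// kept in a file outside the web root. Generate a token with
//   php -r 'echo bin2hex(random_bytes(32)), PHP_EOL;'
// and write hash('sha256', $token) into private/bypass.sha256.
function operator_may_bypass(array $cookies): bool {
    $token = $cookies[BYPASS_COOKIE] ?? '';
    if ($token === '' || !is_readable(BYPASS_HASH_FILE)) {
        return false;                       // no hash file: nobody bypasses
    }
    $expected = trim((string) file_get_contents(BYPASS_HASH_FILE));
    // Constant-time comparison; the cookie holds the token, we compare hashes.
    return $expected !== '' && hash_equals($expected, hash('sha256', $token));
}

function enforce_lockdown(array $cookies): void {
    if (!lockdown_active() || operator_may_bypass($cookies)) {
        return;
    }
    // 503 tells browsers and crawlers this is temporary; no game state is
    // loaded, so cheaters cannot interact with anything while you investigate.
    http_response_code(503);
    header('Retry-After: 600');
    header('Cache-Control: no-store');
    header('Content-Type: text/plain; charset=UTF-8');
    echo "The game is temporarily unavailable for maintenance.\n";
    exit;
}

enforce_lockdown($_COOKIE);
// ... normal front-controller code continues here ...
```

Because the check fails closed (a missing hash file disables the bypass rather than the lockdown) and runs before any session or database access, it also works when the emergency is a compromised account or a bug in the game logic itself. If the host allows .htaccess, a `RewriteRule` to a static maintenance page is a fine addition, but the PHP guard is the part you control.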
PHP Security Flaws? [closed]
Our team is developing a web app in the financial space using PHP. The big question that comes up first is always security-related. What are the main security risks associated with PHP or scripted...
TinyMCE and JavaScript – PHP Validation
I’m using TinyMCE for my blog writing, but there seems to be a problem when using htmlspecialchars with PHP. All my tags etc. show up, and I want the styling of the P tag. Is there any way I can fix...
PHP_SELF and SCRIPT_NAME – XSS attacks edition
PHP_SELF opens up a page to XSS attacks when code such as echo $_SERVER['PHP_SELF'] is included, but what about SCRIPT_NAME? Since it does not include path info, is this safe to use? I know you can use...
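The difference between the two variables is easiest to see with a concrete request. The following is an added example, not code from the question: the `$_SERVER` values are constructed to mirror what a request for `/form.php/"><script>alert(1)</script>` produces on a server that accepts path info, and the three `form_action_*` functions are illustrative names.

```php
<?php
// Added example: why echoing PHP_SELF is injectable, why SCRIPT_NAME does not
// carry the same attacker data, and the encoding that makes either safe.

// Constructed $_SERVER snapshot for the request
//   GET /form.php/"><script>alert(1)</script>
// on a server with path-info enabled. PHP_SELF = SCRIPT_NAME + PATH_INFO.
$server = [
    'SCRIPT_NAME' => '/form.php',
    'PATH_INFO'   => '/"><script>alert(1)</script>',
    'PHP_SELF'    => '/form.php/"><script>alert(1)</script>',
];

// Vulnerable: the PATH_INFO part is attacker-chosen and lands in the markup,
// closing the attribute and the tag.
function form_action_unsafe(array $server): string {
    return '<form action="' . $server['PHP_SELF'] . '">';
}

// SCRIPT_NAME is only the path of the executing script; the path-info tail is
// not part of it. It is still request-derived data, so encode it on output
// like everything else rather than trusting it.
function form_action_safe(array $server): string {
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form action="' . $action . '">';
}

// If you must keep PHP_SELF, output encoding neutralises the injection: the
// attacker's text survives only as inert &quot; &gt; &lt; entities.
function form_action_escaped_self(array $server): string {
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form action="' . $action . '">';
}

echo form_action_unsafe($server), PHP_EOL;
echo form_action_safe($server), PHP_EOL;
echo form_action_escaped_self($server), PHP_EOL;
```

The rule that covers all three cases is the same one that covers every other variable: encode at the point of output, with `ENT_QUOTES` because the value sits inside a double-quoted attribute. For a self-submitting form the simplest option is not to echo a server variable at all: `action=""` (or omitting the attribute) submits to the current URL.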
Kohana SQL Prepared Statement Safety
The Kohana prepared statement documentation states: “Although all parameters are escaped to prevent SQL injection, it is still a good idea to validate/sanitize your input.” From what I read on...
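The Kohana sentence and the "best practices to prevent SQL injection" question at the top of this page are two halves of one answer: parameterised queries stop a value from ever becoming SQL syntax, but parameters cannot express identifiers, keywords or ranges, and that is exactly where validation still matters. The following is an added example for this page, not code from either question or from Kohana; it uses PDO with an in-memory SQLite table constructed inline, and the function names are illustrative.

```php
<?php
// Added example: the injectable query next to its parameterised form, then
// the cases a parameter cannot cover (ORDER BY column, sort direction, LIMIT)
// handled by allowlisting and type validation instead of escaping.

$pdo = new PDO('sqlite::memory:');                       // constructed sample DB
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users VALUES (1,'alice','admin'),(2,'bob','user')");

// Vulnerable: string concatenation. The input  ' OR '1'='1  returns every row.
function find_user_unsafe(PDO $pdo, string $name): array {
    $sql = "SELECT id, name, role FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the value travels as a parameter and is compared literally, so the
// same input simply matches no user.
function find_user_safe(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare('SELECT id, name, role FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Parameters cannot carry identifiers or keywords. Escaping does not help
// here either ("name; DROP TABLE users" contains nothing to escape), so the
// only safe tool is an allowlist plus type validation.
function list_users(PDO $pdo, string $sortBy, string $dir, $limit): array {
    $columns = ['id', 'name', 'role'];
    if (!in_array($sortBy, $columns, true)) {
        throw new InvalidArgumentException('unknown sort column');
    }
    $dir = strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';
    // Validate the integer rather than escaping a string; bind it as INT
    // because a quoted '10' in LIMIT is a syntax error on several engines.
    $limit = filter_var($limit, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    if ($limit === false) {
        throw new InvalidArgumentException('limit must be an integer in 1..100');
    }
    // $sortBy and $dir are now known-good literals; $limit is still a parameter.
    $stmt = $pdo->prepare("SELECT id, name, role FROM users ORDER BY $sortBy $dir LIMIT :limit");
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$attack = "' OR '1'='1";
printf("unsafe: %d rows\n", count(find_user_unsafe($pdo, $attack)));
printf("safe:   %d rows\n",  count(find_user_safe($pdo, $attack)));
print_r(list_users($pdo, 'name', 'desc', '10'));
```

With pdo_mysql, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the server, not the client library, does the preparing; emulated prepares are client-side escaping under another name and have had charset-related bypasses. The validation layer Kohana recommends is not there to stop injection twice, it is there for the things a parameter cannot carry and for business rules (a negative quantity, a role the caller may not assign) that the database will happily accept.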