Serganator, posted June 20, 2009:
Hi everyone, I've been looking for ideas on how to prevent XSS (Cross Side Scripting). Lots of websites have different suggestions; I was just wondering what you guys think is the best way. I'm using PHP and MySQL. Thanks
Sparda, posted June 20, 2009:
VALIDATE THE INPUT!
stingwray, posted June 21, 2009:
Using a decent programming framework really takes the effort out of things like this, letting you concentrate on the real stuff. Dammit, I sound like a brochure. For PHP and MySQL I can recommend CakePHP; it will provide you with everything you need, and do what Sparda says, which is the correct answer.
Angablade, posted June 26, 2009:
It's easy.. change the < and > and " into &lt; and &gt; and &quot; through the input.. in PHP. Rendering most if not all of XSS useless...
stingwray, posted July 2, 2009:
> It's easy.. change the < and > and " into &lt; and &gt; and &quot; through the input.. in PHP. Rendering most if not all of XSS useless...

It's not even most; you have to handle all sorts of encodings to be really safe.
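An added example, not code from any poster in the thread: the three-character replacement described above next to PHP's built-in `htmlspecialchars()` with `ENT_QUOTES | ENT_SUBSTITUTE` and an explicit UTF-8 charset, applied when the value is written into the page. The function names and sample strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

// The replacement described in the thread: only <, > and " are rewritten.
// Single quotes and ampersands pass through unchanged.
function encode_partial(string $s): string
{
    return str_replace(['<', '>', '"'], ['&lt;', '&gt;', '&quot;'], $s);
}

// Output encoding for HTML text and quoted attribute values.
// ENT_QUOTES also encodes the single quote; ENT_SUBSTITUTE replaces invalid
// UTF-8 byte sequences with U+FFFD (without it, htmlspecialchars() returns
// an empty string for such input). The charset is stated explicitly so the
// encoder and the page agree on how bytes map to characters.
function encode_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs (not from the thread).
$samples = [
    'markup'       => '<b>"hi"</b>',
    'single quote' => "O'Brien & Sons",
    'bad utf-8'    => "caf\xE9 <i>",   // a lone 0xE9 byte is not valid UTF-8
];

foreach ($samples as $label => $raw) {
    printf("%-13s partial: %s\n", $label, encode_partial($raw));
    printf("%-13s full:    %s\n", $label, encode_html($raw));
}

// The same value placed in a single-quoted attribute. With the partial
// encoder the apostrophe in the data closes the attribute value early;
// with the full encoder it is emitted as &#039; and stays inside the value.
$name = $samples['single quote'];
echo "<input name='who' value='" . encode_partial($name) . "'>\n";
echo "<input name='who' value='" . encode_html($name) . "'>\n";
```

This covers HTML text and quoted attribute values only; values written into JavaScript, CSS or URLs need the encoding for that context, and the response should declare the same charset the encoder was given.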
Rab, posted July 2, 2009:
It's Cross-Site Scripting. With ASP you use command objects for your queries so they are strongly typed. In PHP you cry.