How to escape output in PHP

深忆病人 2020-12-19 17:37

I am a newbie, just to be clear. I hear a lot about escaping data to prevent XSS attacks. How do I actually do that?

This is what I am doing currently -



        
3 answers
  •  臣服心动
    2020-12-19 17:53

    If you output the data to HTML you should use htmlspecialchars(); else, if you're storing the data in a database, you should escape strings using mysqli_real_escape_string() and cast numbers (or use prepared statements for both) and protect identifiers/operators by whitelist-based filtering them.

    Both these methods are all you need if you use them the correct way.
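
The points from the answer above in one script, as an added example that is not part of the original answer: values bound through a prepared statement, a sort column checked against an allowlist, and htmlspecialchars() applied at output time. It assumes PDO with an in-memory SQLite database so it runs offline (the answer names mysqli); the table, columns, sample input and the helpers `e()` and `orderColumn()` are hypothetical.

```php
<?php
declare(strict_types=1);

// Escape for an HTML body or a quoted attribute value, at output time.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Identifiers cannot be bound as parameters, so map the request onto a fixed allowlist.
function orderColumn(string $requested): string
{
    $allowed = ['id', 'author', 'created'];   // hypothetical column names
    return in_array($requested, $allowed, true) ? $requested : 'id';
}

// Constructed sample table in an in-memory SQLite database (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT, created TEXT)');

// Constructed "user input": one value carries a quote, the other carries markup.
$author = "O'Brien";
$body   = '<script>alert(1)</script> & "quotes"';

// Values go in through placeholders; no manual string escaping is involved.
$insert = $db->prepare('INSERT INTO comments (author, body, created) VALUES (:author, :body, :created)');
$insert->execute([':author' => $author, ':body' => $body, ':created' => '2020-12-19']);

// The numeric filter is cast and bound as an integer; the sort column comes from the allowlist.
$sort   = orderColumn('created; DROP TABLE comments');   // not in the list, falls back to "id"
$select = $db->prepare("SELECT author, body FROM comments WHERE id >= :min ORDER BY $sort");
$select->bindValue(':min', (int) '1', PDO::PARAM_INT);
$select->execute();

// The data is stored unmodified and escaped only when it is written into HTML.
foreach ($select->fetchAll(PDO::FETCH_ASSOC) as $row) {
    printf("<p title=\"%s\">%s</p>\n", e($row['author']), e($row['body']));
}
```

htmlspecialchars() as used here covers HTML text and quoted attribute values; data written into a URL, a script block or CSS needs the encoding for that context instead.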
