+ 1

How to prevent Cross scripting?

I have a variable $query that I want to echo. Before that, I would like to sanitize it so that there will be nothing that can cause Cross scripting. What is the simple and effective way to do that? $query is a varchar.

7th Apr 2018, 3:40 AM
Nithin
1 Answer
+ 7
Nithin A simple way to prevent XSS injection from happening is to HTML-encode all HTML data. You can do this with something like: echo htmlentities(trim($query), ENT_NOQUOTES); You can use the htmlspecialchars() function for encoding a subset of offending characters. Here's a good article with a 14-minute video giving you more details on how to prevent XSS attacks in PHP: https://www.johnmorrisonline.com/prevent-xss-attacks-escape-strings-in-php/
7th Apr 2018, 5:28 AM
David Carroll
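An added example, not part of the answer above: it runs the answer's ENT_NOQUOTES call and an ENT_QUOTES variant over the same input, then echoes the value in an element body and in a quoted attribute value. ENT_NOQUOTES leaves " and ' unencoded, which matters only in the attribute case. The helper names e() and leaves_quotes(), the sample string and the surrounding markup are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original answer): escape a value for
// output in an HTML element body or inside a quoted attribute value.
function e(string $value): string
{
    // ENT_QUOTES encodes both " and '. ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical check: does the escaped string still contain a raw quote
// character that could end a quoted attribute value early?
function leaves_quotes(string $escaped): bool
{
    return strpbrk($escaped, "\"'") !== false;
}

// Constructed sample input containing &, <, >, " and '.
$query = " Tom & \"Jerry\" <b>it's</b> ";

// The call from the answer: &, < and > are encoded, quotes are left alone.
$noQuotes = htmlentities(trim($query), ENT_NOQUOTES);

// The same input through the helper: quotes are encoded as well.
$allQuotes = e(trim($query));

echo "ENT_NOQUOTES: ", $noQuotes, PHP_EOL;
echo "ENT_QUOTES:   ", $allQuotes, PHP_EOL;

// Report whether a raw quote survived each encoding.
echo "raw quote left by ENT_NOQUOTES: ";
var_dump(leaves_quotes($noQuotes));
echo "raw quote left by ENT_QUOTES:   ";
var_dump(leaves_quotes($allQuotes));

// Element body context: encoding &, < and > is what keeps the value inert.
printf("<p>Results for: %s</p>\n", $allQuotes);

// Quoted attribute context: the value must not contain a raw quote,
// so only the ENT_QUOTES form is used here.
printf("<input type=\"text\" name=\"q\" value=\"%s\">\n", $allQuotes);
```

Neither encoding is sufficient when the value is echoed into a script block, a URL attribute or an unquoted attribute; those contexts need their own encoders.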