Guide to protecting your form inputs from XSS
I'm going to show you a short tutorial about filtering form inputs; correct me on any mistakes.
If you don't know what XSS is, click here.
Now let's move on to examples.
Tip: we are using the POST method, which means that when the user submits data the URL remains submit.php and not submit.php?blablabla (as with the GET method).
The two are mostly the same, but don't use GET when submitting a password, since it will show in the URL.
Here is submit.php:
As you can see, in submit.php we used a function to make things easy.
Let's explain them:
trim - removes spaces and newlines at the beginning and end
stripslashes - removes backslashes \
htmlspecialchars - encodes the characters that cause XSS to make them safe
strip_tags - removes HTML tags
For more, read myphpform.com.
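One way to write the kind of filter function described above, as an added example (not the original submit.php). The name clean_input, the field names and the sample values are assumptions; the constructed array stands in for $_POST so the script runs from the command line.

```php
<?php
// Added example: a filter function built from the four functions explained
// above. clean_input() is a hypothetical name.

function clean_input($value): string
{
    // A request such as email[]=x turns the field into an array. Return an
    // empty string instead of passing an array to the string functions.
    if (!is_string($value)) {
        return '';
    }

    // Spaces, tabs and newlines at the beginning and end.
    $value = trim($value);

    // Backslashes. Only useful where the server adds them (magic quotes,
    // removed in PHP 5.4); elsewhere it also eats legitimate backslashes.
    $value = stripslashes($value);

    // HTML tags. This runs before the encoding step: once < and > are
    // encoded there are no tags left for strip_tags to find.
    $value = strip_tags($value);

    // Encode & < > " and ' so the value is inert both in HTML text and
    // inside quoted attributes. ENT_QUOTES covers the single quote too.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input standing in for $_POST.
$post = [
    'name'    => "  Alice <b>Smith</b>\n",
    'comment' => '<script>alert(1)</script> it\\\'s "quoted" & done',
    'email'   => ['unexpected', 'array'],
];

// 'missing' is not in the sample, so it exercises the absent-field case.
foreach (['name', 'comment', 'email', 'missing'] as $field) {
    $clean = clean_input($post[$field] ?? null);
    printf("%-8s => [%s]\n", $field, $clean);
}
```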
Tuesday, September 27, 2011
[FULL GUIDE]_Protect your website from XSS Cross Site Scripting attack
category: html and css, php, security