Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
i am into php coding for 1 year now. i don’t know everything or consider myself professional.but i want to write clean hacker proof coding. i tried to research for example how to stop XSS attacks.but it seems that there is a lot of expressions and a lot of vulnerabilities. i tried htmlawed and html purifiers. but not every simple form or script i write will need heavy script to make it secure. so what i need is : is there a coding style that i can follow that make my coding secure?
Basically, to avoid XSS, you have to make sure no HTML can be injected by the users into the HTML output of your page.
The simplest way of doing that is to use functions such as
htmlspecialchars()on any output that goes to the browser as HTML.This means that, if anyone inputs something like this *(simple example)* :
The HTML of your page will contain :
And no HTML / Javascript code that could be interpreted.