I am tring to make my PHP as secure as possible, and the two

Question

0

Editorial Team

Asked: May 24, 20262026-05-24T04:13:49+00:00 2026-05-24T04:13:49+00:00

I am tring to make my PHP as secure as possible, and the two

0

I am tring to make my PHP as secure as possible, and the two main things I am trying to avoid are

mySQL Injections
Cross-Side Scripting (XSS)

This is the script I got against mySQL Injections:

function make_safe($variable) {
$variable = mysql_real_escape_string(trim($variable)); 
return $variable;  }

http://www.addedbytes.com/writing-secure-php/writing-secure-php-1/

Against XSS, I found this:

$username = strip_tags($_POST['username']);

Now I want to unite the two into a single function. Would this be the best way to do so? :

function make_safe($variable) {
$variable = strip_tags(mysql_real_escape_string(trim($variable)));
return $variable; }

Or does the mysql_real_escape_string already prevent XSS? And lastly, is there anything else that I could add into this function to prevent other forms of hacking?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-24T04:13:50+00:00

mysql_real_escape_string() doesn’t prevent XSS. It will only make impossible to do SQL injections.

To fight XSS, you need to use htmlspecialchars() or strip_tags(). 1st will convert special chars like < to < that will show up as <, but won’t be executed. 2nd just strip all tags out.

I don’t recommend to make special function to do it or even make one function to do it all, but your given example would work. I assume.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am tring to make my PHP as secure as possible, and the two

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply