Cleaning all Inputs


jbroder - 7:51 pm on Sep 21, 2011 (gmt 0)



To prevent SQL injection and XSS attacks, you might add something like this:

$str = strip_tags($str);
$str = preg_replace("/[':&#()]/","",$str);

It is probably not a complete list, but it's a start. I'd love to see somebody tell me how to improve it.
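
An added example, not part of the original post: instead of stripping a list of characters, handle the value for the context it is used in, with a bound parameter for SQL and encoding at output time for HTML. The in-memory SQLite database, the `comments` table, the sample input and the function names are assumptions made for illustration.

```php
<?php
// Constructed sample input: a legitimate name plus markup a visitor might submit.
$input = "Tim O'Brien <b>(admin)</b> & \"friends\"";

// The filter from the post, kept for comparison: it alters legitimate data
// (apostrophe, ampersand, parentheses) and leaves the double quotes in place.
function blacklist_filter(string $str): string
{
    $str = strip_tags($str);
    return preg_replace("/[':&#()]/", "", $str);
}

// SQL context: bind the value as a parameter so it is never parsed as SQL.
function store_comment(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

function load_comment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// HTML context: encode when writing the value into the page, not when reading it in.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical storage for the demo: an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

$id = store_comment($db, $input);
$stored = load_comment($db, $id);

echo "filtered : ", blacklist_filter($input), "\n"; // data changed by the blacklist
echo "stored   : ", $stored, "\n";                  // original value, intact
echo "rendered : <p>", html($stored), "</p>\n";     // encoded for an HTML body
```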


Thread source: http://www.webmasterworld.com/php/4365034.htm