Two simple ways to prevent SQL injection attacks and XSS attacks in PHP

2020-03-31 20:37:12
OfStack

                    Mysql_real_escape_string ()

Select * from CDR where SRC =".$userId; I'm going to change it to $userId=mysql_real_escape_string($userId)

All printed statements such as echo, print, etc. are filtered using htmlentities() before printing to prevent Xss. Note that htmlentities($name,ENT_NOQUOTES,GB2312) are written in Chinese.

IP attacks are upgraded and programs are improved to deal with new attacks
php prevents sql injection sample analysis and several common attacks on regular expressions
PHP implementation code against CC attacks
A Summary of Several Common Attacks on PHP
Summary of regular expressions for common sql attacks in php