Two simple ways to prevent SQL injection attacks and XSS attacks in PHP
- 2020-03-31 20:37:12
- OfStack
Mysql_real_escape_string ()
Select * from CDR where SRC =".$userId; I'm going to change it to $userId=mysql_real_escape_string($userId)
All printed statements such as echo, print, etc. are filtered using htmlentities() before printing to prevent Xss. Note that htmlentities($name,ENT_NOQUOTES,GB2312) are written in Chinese.
Select * from CDR where SRC =".$userId; I'm going to change it to $userId=mysql_real_escape_string($userId)
All printed statements such as echo, print, etc. are filtered using htmlentities() before printing to prevent Xss. Note that htmlentities($name,ENT_NOQUOTES,GB2312) are written in Chinese.