get and post filtering for xss, sql injection

get and post filtering for xss, sql injection

demyr
Senior Member
Posts: 331
Threads: 17
Joined: Sep 2018
Reputation: 7

05-16-2021, 11:22 PM

Well, if you need to add sth, you can use some classical php functions such as strip_tags and preg_replace :

PHP Code:
$name_from_input = strip_tags($this->request->getVar('user_name'));
      
$name_to_db = preg_replace("/[\'\")(;|`,<>]/", "", $name_from_input);

$data = [
 'user_name' => $name_to_db
]; 

Messages In This Thread

get and post filtering for xss, sql injection - by Secux - 05-16-2021, 06:27 AM

RE: get and post filtering for xss, sql injection - by InsiteFX - 05-16-2021, 03:37 PM

RE: get and post filtering for xss, sql injection - by Secux - 05-16-2021, 09:03 PM

RE: get and post filtering for xss, sql injection - by demyr - 05-16-2021, 11:22 PM

RE: get and post filtering for xss, sql injection - by php_rocs - 05-17-2021, 07:41 AM

RE: get and post filtering for xss, sql injection - by Secux - 05-18-2021, 08:50 AM