XSS and SQL Injection
#1

[eluser]piddleton[/eluser]
In my newly converted CI site, I've turned on global_xss_filtering. I also used bindings in a query that takes form inputs and inserts the fields into a MySQL database.

If I weren't using CI, I'd need to do some more work myself into preventing cross-site scripting and SQL Injection. I got bitten by these issues many years ago on a ColdFusion site and ended up having to do a lot of work to shore up the holes. With CI, it almost seems too easy to do this. Not really a complaint mind you. :-)

Are these measures sufficient to protect my site? Anything else I should be doing as well?
#2

[eluser]Otemu[/eluser]
Hi,

Are you also validating data on your form inputs? If not, check out the form validation class.
Good guide to Codeigniter security here

Hope that helps
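Worked example, added here and not taken from the thread or from the CodeIgniter project, of the three measures the two posts above rely on working together: the Form Validation class to reject malformed input, query bindings so user data never becomes part of the SQL string, and escaping at output time with html_escape() instead of leaning on global_xss_filtering (which rewrites input before you see it and knows nothing about the HTML context it will land in). It assumes CodeIgniter 3 syntax (the thread does not name a version); the controller, the `comments` table with columns `author`, `body`, `created_at`, and the view names are hypothetical.

```php
<?php
// Added example (not from the thread): a CodeIgniter 3-style controller.
// Assumed and hypothetical: a `comments` table (author, body, created_at)
// and views named 'comment_form' and 'comments_view'.
defined('BASEPATH') OR exit('No direct script access allowed');

class Comments extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
        $this->load->library('form_validation');
        $this->load->helper(array('form', 'url'));
    }

    // Handles the POST from the comment form.
    public function submit()
    {
        // 1. Validate. Rules reject bad input (length limits, a character
        //    whitelist for the author); they do not make input safe for SQL
        //    or HTML, which is handled separately below.
        $this->form_validation->set_rules('author', 'Author',
            'required|trim|alpha_numeric_spaces|max_length[40]');
        $this->form_validation->set_rules('body', 'Comment',
            'required|trim|max_length[2000]');

        if ($this->form_validation->run() === FALSE) {
            // Re-render the form; form_error() messages are the framework's
            // own text, not user data.
            $this->load->view('comment_form');
            return;
        }

        // 2. Insert with bindings: each '?' is replaced by an escaped value,
        //    so a body such as "'); DROP TABLE comments; --" is stored as
        //    literal text rather than executed.
        $sql = 'INSERT INTO comments (author, body, created_at) VALUES (?, ?, NOW())';
        $this->db->query($sql, array(
            $this->input->post('author'),
            $this->input->post('body'),
        ));

        redirect('comments');
    }

    // Lists comments. Output escaping happens here, in the HTML context.
    public function index()
    {
        // Bindings protect values only. Table and column names, and the
        // ORDER BY direction, must never come straight from the request;
        // here the direction is whitelisted to two fixed strings.
        $dir  = ($this->input->get('dir') === 'asc') ? 'ASC' : 'DESC';
        $rows = $this->db->query(
            'SELECT author, body, created_at FROM comments ORDER BY created_at ' . $dir
        )->result();

        // 3. Escape every value for HTML. html_escape() wraps
        //    htmlspecialchars(), so <script>alert(1)</script> renders as text.
        $comments = array();
        foreach ($rows as $row) {
            $comments[] = array(
                'author' => html_escape($row->author),
                'body'   => html_escape($row->body),
                'when'   => html_escape($row->created_at),
            );
        }
        $this->load->view('comments_view', array('comments' => $comments));
    }
}
```

The split matters in practice: validation decides whether a request is acceptable, bindings (or Query Builder) keep values out of the SQL grammar, and escaping is done where the data is rendered, because the same string needs different treatment in an HTML body, an attribute, a URL or a JavaScript block. global_xss_filtering can stay on as a backstop, but it is not what makes the query or the page safe.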
#3

[eluser]CI_expert_indian[/eluser]
Sufficient at the coding level, piddleton :)
#4

[eluser]piddleton[/eluser]
Thanks, sounds like I'm good to go as I am using the form validation class. I think I was so badly burned by XSS and SQL Injection in the past I'm probably over-thinking it.

Will check out the security link.