XSS and SQL Injection
[eluser]piddleton[/eluser]
In my newly converted CI site, I've turned on global_xss_filtering. I also used bindings in a query that takes form inputs and inserts the fields into a MySQL database. If I weren't using CI, I'd need to do some more work myself into preventing cross-site scripting and SQL Injection. I got bitten by these issues many years ago on a ColdFusion site and ended up having to do a lot of work to shore up the holes. With CI, it almost seems too easy to do this. Not really a complaint mind you. :-) Are these measures sufficient to protect my site? Anything else I should be doing as well?
[eluser]Otemu[/eluser]
Hi, are you also validating data on your form inputs? If not, check out the form validation class. Good guide to CodeIgniter security here. Hope that helps.
[eluser]piddleton[/eluser]
Thanks, sounds like I'm good to go as I am using the form validation class. I think I was so badly burned by XSS and SQL Injection in the past I'm probably over-thinking it. Will check out the security link.
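The three measures the thread settles on (form validation, query bindings, and escaping on output) put together in one controller, as an added example that is not from any poster in this thread and not CodeIgniter's own code. It assumes CodeIgniter 3; the controller name `Contact`, the table `messages` and its columns, and the view names are made up for illustration.

```php
<?php
// Added example (not from the thread): a CodeIgniter 3 controller showing the
// layers discussed above: input validation, query bindings, output escaping.
// Controller, table and view names are assumed for illustration.
defined('BASEPATH') OR exit('No direct script access allowed');

class Contact extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
        $this->load->library('form_validation');
        $this->load->helper(array('form', 'url'));
    }

    public function submit()
    {
        // 1. Validate: reject malformed or oversized input before it reaches the DB.
        $this->form_validation->set_rules('name', 'Name', 'required|trim|max_length[100]');
        $this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
        $this->form_validation->set_rules('message', 'Message', 'required|trim|max_length[2000]');

        if ($this->form_validation->run() === FALSE) {
            // Re-show the form; validation_errors() renders the failures.
            $this->load->view('contact_form');
            return;
        }

        // 2. Query bindings: each ? is replaced with a value escaped by the DB
        //    driver, so user data can never change the statement's structure.
        //    For contrast, the vulnerable form this replaces is string building:
        //    "INSERT INTO messages (name) VALUES ('" . $_POST['name'] . "')"
        $sql = 'INSERT INTO messages (name, email, body, created_at) VALUES (?, ?, ?, NOW())';
        $this->db->query($sql, array(
            $this->input->post('name'),
            $this->input->post('email'),
            $this->input->post('message'),
        ));

        redirect('contact/thanks');
    }

    public function show($id)
    {
        // Bindings apply to reads as well; the int cast on the URL segment is
        // an extra guard, not the primary defence.
        $row = $this->db->query('SELECT name, body FROM messages WHERE id = ?', array((int) $id))->row();
        if ($row === NULL) {
            show_404();
        }

        // 3. Output escaping: global_xss_filtering sanitises input heuristically;
        //    the reliable defence against stored XSS is escaping at the point
        //    where data is written into HTML.
        $data = array(
            'name' => html_escape($row->name),
            'body' => html_escape($row->body),
        );
        $this->load->view('message', $data);
    }
}
```

The point of the last step is that the XSS filter and the query bindings solve different problems: bindings keep data out of the SQL grammar, while `html_escape()` keeps data out of the HTML grammar when it is displayed. Relying on input filtering alone leaves stored values that slipped past the filter, or that arrived through a path that bypassed it, to be rendered raw.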