XSS and SQL Injection

In my newly converted CI site, I've turned on global_xss_filtering. I also used bindings in a query that takes form inputs and inserts the fields into a MySQL database.

If I weren't using CI, I'd need to do some more work myself to prevent cross-site scripting and SQL Injection. I got bitten by these issues many years ago on a ColdFusion site and ended up having to do a lot of work to shore up the holes. With CI, it almost seems too easy to do this. Not really a complaint, mind you. :-)

Are these measures sufficient to protect my site? Anything else I should be doing as well?


Are you also validating data on your form inputs? If not, check out the form validation class.
Good guide to CodeIgniter security here.

Hope that helps

Sufficient at the coding level, piddleton :)

Thanks, sounds like I'm good to go as I am using the form validation class. I think I was so badly burned by XSS and SQL Injection in the past I'm probably over-thinking it.

Will check out the security link.
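
The measures discussed in this thread (form validation and query bindings) shown together in one CodeIgniter controller, with HTML encoding added where a value is echoed back. This is an added example, not code posted by anyone in the thread; the controller name `Guestbook`, the `guestbook` table and its `name`, `email` and `comment` fields are assumptions.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Added example, not code from the thread.
// Hypothetical names: controller Guestbook, table `guestbook`
// with columns name, email, comment, and form fields of the same names.
class Guestbook extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
        $this->load->helper('form');             // provides validation_errors()
        $this->load->library('form_validation');
    }

    public function submit()
    {
        // 1. Validation: reject input that does not have the expected shape.
        $this->form_validation->set_rules('name', 'Name', 'trim|required|max_length[80]');
        $this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email');
        $this->form_validation->set_rules('comment', 'Comment', 'trim|required|max_length[2000]');

        if ($this->form_validation->run() === FALSE) {
            echo validation_errors();
            return;
        }

        // 2. Query bindings: each ? is filled from the array and escaped by the
        //    database driver, so form values are never concatenated into the SQL text.
        $sql = 'INSERT INTO guestbook (name, email, comment) VALUES (?, ?, ?)';
        $this->db->query($sql, array(
            $this->input->post('name'),
            $this->input->post('email'),
            $this->input->post('comment'),
        ));

        // 3. Output: HTML-encode a submitted or stored value at the point
        //    where it is written into a page.
        $name = htmlspecialchars($this->input->post('name'), ENT_QUOTES, 'UTF-8');
        echo '<p>Thanks, ' . $name . '. Your comment was saved.</p>';
    }
}
```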
