View Full Version : security practices



coding_begins
01-10-2012, 11:53 PM
I had a general question about security in PHP.
Suppose I have a value submitted from a form called $form that would go to the database.
What functions would be good to clean it before it goes to the database?
Suppose I want to display the $form variable in the browser, what would I use to display it to prevent JavaScript or HTML injection other than strip_tags?

On another note, what security practice should I follow when dealing with sessions and session variables?

coding_begins
01-11-2012, 12:25 AM
A bit of information on cookies would also help.

BluePanther
01-11-2012, 12:27 AM
The main thing you want to watch out for is SQL injection. mysql_real_escape_string() will prevent that. If you want to stop people being able to post HTML, you should use things like htmlentities() etc.
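
The two steps discussed in this thread (getting $form into the database safely, then displaying it without HTML or JavaScript injection), as an added example that is not part of any post above. It swaps in a PDO prepared statement for mysql_real_escape_string(), since the mysql_* functions were removed in PHP 7.0, and keeps htmlentities() for output. Assumptions: the pdo_sqlite extension is available, and the `comments` table, the function names and the sample input are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input standing in for the submitted form value.
$form = "Robert'); DROP TABLE comments;-- <script>alert(1)</script>";

// In-memory SQLite keeps the example offline; for MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Hypothetical helper: store the value through a bound parameter.
// The value travels separately from the SQL text, so quotes in it
// cannot change the statement. Store it raw; encode only on output.
function save_comment(PDO $pdo, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// Hypothetical helper: read the value back and encode it for an HTML
// body context. ENT_QUOTES also encodes single quotes, ENT_SUBSTITUTE
// replaces invalid byte sequences instead of returning an empty string.
function render_comment(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    if ($body === false) {
        return '';
    }
    $safe = htmlentities((string) $body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>' . $safe . '</p>';
}

$id = save_comment($pdo, $form);

// The stored text is rendered as inert characters, not markup.
echo render_comment($pdo, $id), PHP_EOL;

// The table still exists and holds exactly the one inserted row.
echo (int) $pdo->query('SELECT COUNT(*) FROM comments')->fetchColumn(), PHP_EOL;
```

The encoding here fits text placed between HTML tags; values written into attributes, URLs or inline scripts need the encoding for that context.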