Quote:
Originally Posted by angelali
I have never said strip_tags and htmlentities are used for database! I said I used them against XSS. Read again.
(reading again...)
Quote:
Originally Posted by angelali
And can we add our traditional htmlentities or strip tags in PDO statements to protect against XSS?
Yes you did...
By the way, XSS is client-side and not related to SQL injection (correct me if I'm wrong, please).
Quote:
Originally Posted by wikipedia
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. Due to breaches of browser security, XSS enables attackers to inject client-side script into Web pages viewed by other users.