
What is SQL injection? What is a cross-site scripting attack?

0 votes
asked Oct 17, 2016 in PHP by Nitin Sangal (340 points)

How to prevent SQL injection and cross-site scripting attacks?

1 Answer

0 votes
answered Oct 17, 2016 by vibhu.jain (580 points)

SQL injection is a malicious code injection technique. It exploits SQL vulnerabilities in web applications.

A cross-site scripting attack is one of the top 5 security attacks carried out on a daily basis across the Internet, and your PHP scripts may not be immune.

Also known as XSS, the attack is basically a type of code injection attack which is made possible by incorrectly validating user data, which usually gets inserted into the page through a web form or using an altered hyperlink. The code injected can be any malicious client-side code, such as JavaScript, VBScript, HTML, CSS, Flash, and others. The code is used to save harmful data on the server or perform a malicious action within the user’s browser.

// Prevents SQL injection. For example, if a user enters a single quote in an input field and
// that data is inserted into the DB, the INSERT query fails with an error and the hacker
// learns DB-related info.
// Note: mysql_real_escape_string() belongs to the legacy ext/mysql extension (removed in PHP 7.0).

$name = mysql_real_escape_string($_POST['name']);

// XSS
$comment = strip_tags($_POST['comment']);

// Combine both functions to filter user data
$name = strip_tags(mysql_real_escape_string($_POST['name']));
$comment = strip_tags(mysql_real_escape_string($_POST['comment']));
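
The same two defenses in a form that runs on current PHP, as an added example that is not part of the original answer: a PDO prepared statement keeps user data out of the SQL text, and `htmlspecialchars()` encodes it when it is written into HTML. The `comments` table, the `saveComment()` and `renderComment()` helpers, and the sample input are assumptions made for the illustration; it needs PHP 7.4 or later with the PDO SQLite driver.

```php
<?php
// Added example: constructed input, hypothetical table and function names.
declare(strict_types=1);

// In-memory SQLite keeps the example offline; the same PDO calls work with MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, name TEXT, comment TEXT)');

// Constructed stand-in for $_POST: a quote in the name, markup in the comment.
$post = [
    'name'    => "O'Brien",
    'comment' => 'I <3 PHP <script>alert(1)</script>',
];

function saveComment(PDO $pdo, string $name, string $comment): int
{
    // Placeholders send the values separately from the SQL text, so a quote
    // in the data cannot change the structure of the statement.
    $stmt = $pdo->prepare('INSERT INTO comments (name, comment) VALUES (:name, :comment)');
    $stmt->execute([':name' => $name, ':comment' => $comment]);
    return (int) $pdo->lastInsertId();
}

function renderComment(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT name, comment FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '';
    }
    // Encode at output time, for the HTML context the value is written into.
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p><b>' . $e($row['name']) . '</b>: ' . $e($row['comment']) . '</p>';
}

// The row is stored exactly as submitted; only the rendered HTML is encoded.
$id = saveComment($pdo, $post['name'], $post['comment']);
echo renderComment($pdo, $id), PHP_EOL;
```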
