Best PHP security for MySql injection, XSS,...?
Posted: Thu Jan 20, 2011 12:01 pm
I was searching around for some good security regarding forms in PHP whose data is then written to MySql.
I get some value from URL or form this way:
$something = $_GET['something']; or $something = $_POST['something'];
This can be exploited then by mysql injection and XSS,... right?
Well, I was searching for the best solution for that and I am wondering if I use this code, will it be OK?
$something = mysql_real_escape_string(htmlspecialchars(stripslashes(strip_tags($_GET['something']))));
Or should I use them separately?
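An added example, not part of the original post: it handles the two concerns from the question separately, binding the raw value as a query parameter for storage and escaping for HTML only when printing, then prints what the chained call does to the same input. It assumes PHP 7+ with the pdo_sqlite extension (an in-memory SQLite database stands in for MySQL so it runs offline); the table, column and function names are hypothetical.

```php
<?php
// Added example. Assumes PHP 7+ with pdo_sqlite; SQLite stands in for MySQL.
// Table, column and function names are hypothetical.

// Constructed sample input: ordinary text containing a quote,
// a backslash and a "<" character.
$input = "O'Reilly says C:\\temp and I <3 PHP";

// The chain from the post, minus mysql_real_escape_string(): ext/mysql was
// removed in PHP 7.0 and the call needs a live MySQL connection.
function chained(string $v): string
{
    return htmlspecialchars(stripslashes(strip_tags($v)));
}

// Storage: the raw value is bound as a parameter, so it is sent as data
// and never becomes part of the SQL text.
function store(PDO $db, string $v): void
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $v]);
}

// Output: escape for the HTML context at the moment of printing.
function html(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

store($db, $input);
store($db, "x'); DROP TABLE comments; --"); // constructed hostile value

// Both rows come back byte-for-byte as submitted; the table still exists.
foreach ($db->query('SELECT body FROM comments') as $row) {
    echo 'stored : ', $row['body'], PHP_EOL;
    echo 'as HTML: ', html($row['body']), PHP_EOL;
}

// The chained call alters legitimate data before it is ever stored:
// stripslashes() drops the backslash and strip_tags() treats "<3" as a tag.
echo 'chained: ', chained($input), PHP_EOL;
```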