Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

PHP $_GET security, $_POST security best practice

Tags:

variables

post

security

php

get

It's a well covered topic, but I'd like to get some confirmation on methods of using data from user variables, in a few different situations.

  1. The variable is never used in a database, never stored, only displayed on screen for the user. Which function to use to make sure no html or javascript can screw things up?

  2. The variable is taken into the database, and used in SQL queries.

  3. The variable does both.

At the moment I xss_clean, and strip_tags. I've always done this, just by autopilot. Is there a better technique? Apologies if there's an identical question out there. I kinda assume there is, although I couldn't find one as thorough as this.

Cheers.

like image 898
Michael Watson Avatar asked Dec 29 '25 01:12

Michael Watson

1 Answers

  1. Use the appropriate function while outputting, in HTML context, this is htmlspecialchars
  2. Use prepared statements
  3. See 1. and 2. – depending on whether you are displaying the variable or you are using it in a query.
like image 135
knittl Avatar answered Dec 31 '25 14:12

knittl
Sign in to Comment

Related questions

HTML DOM manipulation in PHP
how to auto-increment column value starting from value other than one in mysql?
How to get a 64 bit integer hash from a string in PHP?
my_sql, need to delete 1st row
Change values from a array while iterating
Converting XML to JSON with PHP
Writing then reading back via sockets in PHP issues
Debugging PHP application after exit is called
How to get correct list position in multi-byte string using preg_match [duplicate]
Difference between MySQL NOW() and PHP date('c')

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!