regarding database security
I am using prepared statements with mysqli() to insert and retrieve data on my website; I also used bind_param so I don't add variables directly into the query. I used strip_tags to clean any inputs. What else should I look out for?
Don't use strip_tags() on database input: use htmlentities() (or urlencode() where appropriate) on browser output.
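The pattern the answer describes (bind parameters on the way in, store the raw text, encode for the output context on the way out), as an added example that is not code from the question or the answer. The thread uses mysqli; this example uses PDO with an in-memory SQLite database (it assumes the pdo_sqlite extension is loaded) so it runs without a MySQL server, and the bind/encode split is identical with mysqli::prepare and bind_param. It uses htmlspecialchars() for the HTML context, which does the same job as the htmlentities() the answer names for the characters HTML actually needs, and urlencode() for the URL context. The table name, column names and sample inputs are constructed for the example.

```php
<?php
// Added example, not from the original thread. Assumes PDO + pdo_sqlite;
// with mysqli the same split applies: bind on input, encode on output.
declare(strict_types=1);

function storeComment(PDO $db, string $author, string $body): void
{
    // Parameters are bound, never concatenated, so the SQL structure is fixed
    // no matter what the user typed. The text is stored exactly as entered:
    // no strip_tags(), nothing is lost and nothing is "pre-encoded" for one
    // output context that may be wrong for another.
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

function renderComments(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT author, body FROM comments ORDER BY id') as $row) {
        // HTML element and attribute context: ENT_QUOTES encodes both " and ',
        // which matters when the value ends up inside a quoted attribute.
        $author = htmlspecialchars($row['author'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $body   = htmlspecialchars($row['body'],   ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // URL query-string context: urlencode() the parameter first, then
        // HTML-encode the whole href because it is being placed into HTML.
        $link = htmlspecialchars('/profile.php?user=' . urlencode($row['author']),
                                 ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= "<li><a href=\"$link\">$author</a>: $body</li>\n";
    }
    return "<ul>\n$html</ul>\n";
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT NOT NULL, body TEXT NOT NULL)');

// Constructed sample inputs: a SQL-injection attempt and an XSS payload.
storeComment($db, "bob' OR '1'='1", 'Hello <b>world</b> & "friends"');
storeComment($db, 'mallory', '<script>alert(document.cookie)</script>');

// The payload is stored byte-for-byte (bound parameters neutralised the quote,
// and nothing was stripped), so legitimate text such as "<b>" is not damaged...
$raw = $db->query('SELECT body FROM comments WHERE id = 2')->fetchColumn();
assert($raw === '<script>alert(document.cookie)</script>');

// ...and it only becomes inert at the moment it is rendered into HTML.
echo renderComments($db);
```

Run it with `php example.php`; the second list item comes out as `&lt;script&gt;alert(document.cookie)&lt;/script&gt;`, which the browser shows as text rather than executing, while the database row still holds the original string for any non-HTML consumer (an API, a CSV export, a mail template) that needs a different encoding.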