Best practices for making code string safe for database & output
I am currently working on a project that saves code snippets to a database, which can be viewed and copied later. I just wanted to know the best way to check the input would be safe from SQL injection and XSS, CSRF on the cli开发者_如何学编程ent side when viewed.
I know the string will have to be converted, but in not sure which is the best method.
Any links or examples would be great.
Thanks
XSS: http://php.net/manual/en/function.htmlspecialchars.php
SQLI: http://php.net/manual/en/function.mysql-real-escape-string.php
CSRF: you should generate token or at least check referrer.
In addition, valid the input type, i.e if its suppose to be numeric value, use intval($input), and so on.
精彩评论