What are the best practices for avoid xss attacks in a PHP site

Posted by rikh on Stack Overflow See other posts from Stack Overflow or by rikh
Published on 2008-09-16T11:20:02Z Indexed on 2010/04/18 2:03 UTC
Read the original article Hit count: 462

Filed under:
|
|
|

I have PHP configured so that magic quotes are on and register globals are off.

I do my best to always call htmlentities() for anything I am outputing that is derived from user input.

I also occasionally seach my database for common things used in xss attached such as...

<script

What else should I be doing and how can I make sure that the things I am trying to do are always done.

© Stack Overflow or respective owner

Related posts about php

Related posts about xss