This question already has an answer here:
- How can I prevent SQL injection in PHP? 28 answers
I want to know how to protect my website from hacker. I am a php-mysql developer.
For fetching data from database i always use mysqli.
For prevent my website from sql injection i always use
$db->real_esacpe_string()
function of php.
For prevent my website from XSS(Cross site scripting) i used this function
function parsing($text)
{
global $db;
$text=$db->real_escape_string($text);
$text= @trim($text);
$text= strip_tags($text);
if(get_magic_quotes_gpc()) {
$text= stripslashes($text);
}
$text=str_replace('<','',$text);
$text=str_replace('>','',$text);
$text=htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
return($text);
}
$name=parsing($_POST['name']);
Any suggestion from your side is welcomed. Thanks in advance.
</div>