Protection of PHP sites - processing of incoming data

Always check the data user ($ _POST, $ _GET, $ _REQUEST, $ _COOKIE, $ _FILES), and not only from different injections, XSS and other things but also for the correctness of input data.

1. SQL Injection

SQL injection is one of the most commonly used methods for obtaining access over sites, working with databases based on the introduction of SQL- query arbitrary code. To prevent this, simply use:

1.1 - mysql_escape_string() - to protect binary data
1.2 - mysql_real_escape_string() - to protect binary data according to the coding instalirano server (requires connection to the server)
1.3 - intval() - Protection of integer numeric values, intval() returns 0 if the string is not a number .
1.4 - floatval() - to protect the fractional values, such as in intval()

2. XSS

XSS is the second most common Internet attack after SQLI injection. Endangered are all sites that display information entered by a user of the site. If the input is not properly processed by software on the site, it automatically makes your site vulnerable to XSS.

2.1 - htmlspecialchars () - convert special characters into HTML entities
2.2 - strip_tags () - deletes HTML and PHP tags from a string ( be careful with this feature )