Organizational Research By

Surprising Reserch Topic

How to prevent against XSS and SQL injection


This question already has an answer here:

i want to check my data from the user for XSS and SQL injection and this is how i tried

if (isset($_GET['membernumber'])) 
{
    $mem = htmlentities($_GET['membernumber']);
    $memberparamter = cleanData($mem);

}

But which method is the best/correct way to check?

Method 1

function cleanData($data)
    {
        $data=mysql_real_escape_string($data);
        $data=trim($data);
        $data=stripcslashes($data);
        $data=htmlspecialchars($data);
        $data=strip_tags($data);
        return $data;
    }

Method 2

function cleanData($data)
    {
        $data=mysql_real_escape_string($data);
        $data=trim($data);
        $data=strip_tags($data);
        return $data;
    }

Method3

htmlspecialchars(stripcslashes(trim($data)))
asked May 18, 2015 in PHP by rajesh
0 votes
16 views



Related Hot Questions



Government Jobs Opening


...