Organizational Research By

Surprising Reserch Topic

How to prevent against XSS and SQL injection


This question already has an answer here:

i want to check my data from the user for XSS and SQL injection and this is how i tried

if (isset($_GET['membernumber'])) 
{
    $mem = htmlentities($_GET['membernumber']);
    $memberparamter = cleanData($mem);

}

But which method is the best/correct way to check?

Method 1

function cleanData($data)
    {
        $data=mysql_real_escape_string($data);
        $data=trim($data);
        $data=stripcslashes($data);
        $data=htmlspecialchars($data);
        $data=strip_tags($data);
        return $data;
    }

Method 2

function cleanData($data)
    {
        $data=mysql_real_escape_string($data);
        $data=trim($data);
        $data=strip_tags($data);
        return $data;
    }

Method3

htmlspecialchars(stripcslashes(trim($data)))

asked May 18, 2015 in PHP by rajesh
0 votes
20 views



Related Hot Questions

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.
Anti-spam verification:
To avoid this verification in future, please log in or register.

...