Most Popular Tutorials
-
What is php?
-
How to install php?
-
How to write program in php?
-
what is variable?
-
Variable handling function in php
-
Variable scope
-
PHP Constant
-
DataType
-
PHP Operators
-
PHP Comments
-
php If else statements
-
PHP Loop
-
Continue and Break
-
switch statement
-
Typecasting
-
Types of errors in php
-
Function
-
Date Function
-
Header function
-
php inbuilt function
-
unlink & unset
-
what is filter_var() function in php?
-
ob_start
-
htmlspecialchars() and htmlentities()
-
array
-
Array Short function
-
Array Function
-
String
-
String function
-
Get & Post methods
-
include and require
-
implode and explode function
-
Cookies
-
Session
-
File uploading in php
-
File Handling
-
File Handling Functions
-
Exception
-
PHP GD Library (Images)
-
Curl
-
Encription and Decription
-
SQL injection
-
Security for website
-
Captcha
-
Server variable
-
Insert Data using Ajax
-
View Data Using Ajax
-
Update Data Using Ajax
-
Delete Data Using Ajax
-
serialize method using Ajax
-
Upload Data using Ajax
-
Check username availability using ajax
-
Check duplicate email using ajax
-
Delete multiple data using ajax with checkbox
-
Ckeditor Using Ajax
-
Show loading image using Ajax
-
301 and 302 Redirect Page
-
Number format function
-
url rewriting using htaccess
-
Google map
-
PHP Programs
-
Login, Registration and Logout application
-
CRUD in php
-
CRUD with Procedure
-
Trigger
-
PHP Interview Questions
Most Popular Tutorials :-
Simply Easy Learning at Your Fingertips. Click Tutorials Menu to view More Tutorial List
Security for website
�How to protect PHP website
Step 1: Storing data in mysql database.
If you want to get user data from user and store data into database, you always use addslashes() functions for every input. Users may add javascript code or iframe code in databases, so try to use strip_tags() function as well.
addslashes() :- Returns a string with backslashes in front of predefined characters
strip_tags() :- Strips HTML and PHP tags from a string. The strip_tags() function strips a string from HTML, XML, and PHP tags.Strip the string from HTML tags, but allow tags to be used:
File name : index.php
$str = "Who's itechtuto?";
echo $str . " i am not safe in a database query.<br>";
echo addslashes($str) . " i am safe in a database query.";
?>
<?php
echo strip_tags("Hello <b><i>world!</i></b>","<b>");
?>
<p>This function strips a string from HTML, XML, and PHP tags. In this example, we allow <b> tags to be used (all other tags will be removed).</p>
Output :-
Who\'s itechtuto? i am safe in a database query.
Step 2: printing data for user view
When ever you show data to user or output information, always user strip_tags() function and allow only div, p,br,strong,or font tags. Strip all other tags, otherwise, some user will insert malicious code in database and may iframe data or output javascript code
File name : index.php
Step 3: Session Handling.
Don?t store sensitive information in cookies.
Previous Next
Trending Tutorials
0.0 / 5
0 Review
Write Review Here
Most Popular Tutorials
-
File Handling Functions
-
Number format function
-
Trigger
-
Show loading image using Ajax
-
Date Function
-
CRUD in php
-
PHP GD Library (Images)
-
PHP Interview Questions
-
Session
-
PHP Comments
-
DataType
-
serialize method using Ajax
-
PHP Loop
-
File Handling
-
Server variable
-
include and require
-
implode and explode function
-
301 and 302 Redirect Page
-
Get & Post methods
-
array
Important Link
-
How to manage Session in php Tutorials.
More ....... -
upcomming codeigniter and angular js tutorials.
Click here to see More ...
