10 ソーシャルブックマーク3
•
0 likes•350 views
This document discusses security issues when using PHP for web development. It covers XSS (cross-site scripting) and SQL injection attacks. For XSS, it recommends using htmlspecialchars() to escape HTML tags in user input. For SQL injection, it recommends using mysql_real_escape_string() or prepared statements with libraries like PEAR_MDB2 or PDO to sanitize user input before using it in SQL queries.
Recommended
More Related Content
What's hot
What's hot (20)
Similar to 10 ソーシャルブックマーク3
Similar to 10 ソーシャルブックマーク3 (20)
More from 文樹 高橋
More from 文樹 高橋 (20)
Recently uploaded
Recently uploaded (20)
10 ソーシャルブックマーク3
- 1. PHP (10)! 3
- 2. Web Web Web XSS SQL 10.4.18 (C)
- 3. XSS 1. Javascript <script type=“text/javascript”> // </script> <?php html htmlspecialchars($_POST [“hoge”], ENT_QUOTES) ?> ex. < > ‘ “ 10.4.18 (C)
- 4. SQL 2.MySQL SQL SQL <?php $sql = “SELECT * FROM tbl WHERE id = ‘’{$_POST[“hoge”]}” ?> <?php sql $var = mysql_real_escape_string ($_POST[“hoge”); ?> ex. ‘ ` 10.4.18 (C)
- 5. • • • SQL PEAR_MDB2, PDO cakePHP 10.4.18 (C)