Indonesian Back|Track Team
prevent SQL Injection and XSS attack - Printable Version



prevent SQL Injection and XSS attack - Junior Riau - 02-04-2013

Assalamualaikum wr. wb.,
junior is back again :D
it's been a long time since I hung out on the forum

this time I want to share some tips for web development enthusiasts

the tips are about dealing with SQL injection and XSS attacks

let's get straight to it

SQL Injection

for POST and GET parameters

$param=mysql_real_escape_string($_GET['data']);
$param=mysql_real_escape_string($_POST['data']);

that's what I use :D

XSS

$str = filter_var($_POST['data'], FILTER_SANITIZE_STRING);

I use that too

simple, right??

hope it's useful

regards


junior was there


RE: prevent SQL Injection and XSS attack - alkaaf - 02-04-2013

For preventing XSS in PHP, let me add this: use the htmlspecialchars() function.

PHP Code:
$newstr = htmlspecialchars($str);

:D nice share bro


RE: prevent SQL Injection and XSS attack - wahyuardan - 02-04-2013

Nice tutorial bro, good as an extra reference for PHP coding when it comes to filtering :)


RE: prevent SQL Injection and XSS attack - Junior Riau - 02-04-2013

For me, doing the XSS part that way works, as proven on the IBT Riau website the other day: no bugs ;)


RE: prevent SQL Injection and XSS attack - AaEzha - 02-05-2013

Cool tutorial...

Thanks, bro...


RE: prevent SQL Injection and XSS attack - Udalah - 02-05-2013

Great stuff, nice share man :)


RE: prevent SQL Injection and XSS attack - abdilahrf - 02-18-2013

The title should be "protect SQL injection and XSS" :D :D :-bd


RE: prevent SQL Injection and XSS attack - r14n - 10-29-2013

Let me add something, just a small addition =))
the absolute string command
$id = abs($_GET['id']);
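
Added example, not part of any post in this thread: the defenses discussed in the posts above, written with parameter binding instead of escaping, integer validation for numeric ids, and htmlspecialchars() applied at output time. It assumes PHP with the pdo_sqlite extension; the articles table, the helper names and all input values are constructed for illustration.

```php
<?php
// Hypothetical schema and helper names; all input values are constructed samples.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO articles (title) VALUES ('first'), ('second')");

// SQL: bind the value instead of escaping it into the query string.
// The query text is fixed, so the input cannot change its structure.
function find_by_title(PDO $pdo, string $title): array
{
    $stmt = $pdo->prepare('SELECT id, title FROM articles WHERE title = :title');
    $stmt->execute([':title' => $title]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Numeric parameters: validate, don't coerce. Anything that is not a
// positive integer is rejected before it gets near the query.
function find_by_id(PDO $pdo, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// XSS: encode when the value is written into HTML, not when it is received.
// ENT_QUOTES also encodes single quotes, which matters inside attributes.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs exercising each helper.
var_dump(find_by_title($pdo, "x' OR '1'='1")); // compared as a literal title
var_dump(find_by_id($pdo, '1 OR 1=1'));        // fails integer validation
var_dump(find_by_id($pdo, '2'));               // valid id
echo e('<b title="t">hi</b>'), "\n";           // markup is shown as text
```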


RE: prevent SQL Injection and XSS attack - Junior Riau - 10-30-2013

(02-05-2013, 03:40 PM)AaEzha Wrote: Cool tutorial...

Thanks, bro...

thanks man :)

(02-05-2013, 04:27 PM)Udalah Wrote: Great stuff, nice share man :)

thanks man :)

(02-18-2013, 10:54 AM)abdilahrf Wrote: The title should be "protect SQL injection and XSS" :D :D :-bd

What does "prevent" mean?? Try looking up its meaning :)

(10-29-2013, 07:15 PM)r14n Wrote: Let me add something, just a small addition =))
the absolute string command
$id = abs($_GET['id']);

The value is an integer, so why "absolute string"??


RE: prevent SQL Injection and XSS attack - ekawithoutyou - 10-30-2013

Wow, I don't understand this kind of thing =))