xss

What is the http-header “X-XSS-Protection”?

by

X-XSS-Protection is a HTTP header understood by Internet Explorer 8 (and newer versions). This header lets domains toggle on and off the “XSS Filter” of IE8, which prevents some categories of XSS attacks. IE8 has the filter activated by default, but servers can switch if off by setting X-XSS-Protection: 0 See also http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx

How to prevent XSS with HTML/PHP?

by

Basically you need to use the function htmlspecialchars() whenever you want to output something to the browser that came from the user input. The correct way to use this function is something like this: echo htmlspecialchars($string, ENT_QUOTES, ‘UTF-8’); Google Code University also has these very educational videos on Web Security: How To Break Web Software … Read more

How can I sanitize user input with PHP?

by

It’s a common misconception that user input can be filtered. PHP even has a (now deprecated) “feature”, called magic-quotes, that builds on this idea. It’s nonsense. Forget about filtering (or cleaning, or whatever people call it). What you should do, to avoid problems, is quite simple: whenever you embed a a piece of data within … Read more

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)