Comments on: How to filter & escape data from Injection attacks in PHP! http://corpocrat.com/2009/07/28/filtering-escaping-post-data-from-injection-attacks/ Daily Blog from Internet Entrepreneur/Webmaster Tue, 07 Feb 2012 20:25:23 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: JC http://corpocrat.com/2009/07/28/filtering-escaping-post-data-from-injection-attacks/#comment-17817 JC Tue, 01 Feb 2011 13:05:00 +0000 http://corpocrat.com/2009/07/28/filtering-escaping-post-data-from-injection-attacks/#comment-17817 Use the HTMLPurifier PHP library, it will clean up any user submitted code and remove any malicious code to prevent XSS. Use the HTMLPurifier PHP library, it will clean up any user submitted code and remove any malicious code to prevent XSS.

]]> By: Matt Varney http://corpocrat.com/2009/07/28/filtering-escaping-post-data-from-injection-attacks/#comment-5394 Matt Varney Fri, 18 Dec 2009 22:38:05 +0000 http://corpocrat.com/2009/07/28/filtering-escaping-post-data-from-injection-attacks/#comment-5394 Escaping form variables properly is such a pain. At least they are getting rid of magic quotes. They are the worst thing ever created. "It turns out that mysql_add_slashes() does the job but it causes more problems than anything and it is not advisable to use this function and it has been discontinued since PHP 6.0" You make it sound like PHP6 is an old version :) PHP6 is not out yet and as far as I know it is quite a ways in the future Escaping form variables properly is such a pain. At least they are getting rid of magic quotes. They are the worst thing ever created.

“It turns out that mysql_add_slashes() does the job but it causes more problems than anything and it is not advisable to use this function and it has been discontinued since PHP 6.0″

You make it sound like PHP6 is an old version :) PHP6 is not out yet and as far as I know it is quite a ways in the future

]]>