Categories

Prevent XSS Attacks. Escape Strings in PHP

Published: 18 June 2015
on channel: John Morris
37,795
305

Here's the special discount link for Rob's course:
http://www.johnmorrisonline.com/coupo...

Get the source code in the Code Snippets section here:
http://www.johnmorrisonline.com/web-d...

Training Center:
http://www.johnmorrisonline.com/training

Subscribe on YouTube:
   / johnmorrisonline  

Subscribe on SoundCloud:
  / johnmorrisonline  

Subscribe on iTunes:
http://goo.gl/RggnXW

What Is XSS?

XSS stands for cross-site scripting and it refers to a type of attack where a hacker injects malicious client-side code into the output of your page.

Applications that don't escape their output are vulnerable to this type of attack.

XSS Example

A simple example is a blog comment. If not properly escaped, an attacker could enter (for example) JavaScript code into the blog comment.

That code would be stored in the database, output to the page when loaded, and because it's not escaped... render and run.

Thus, the attacker would have the full range of JavaScript capabilities to attack you and your site visitors.

How to Prevent XSS Attacks

As illustrated in the video above, you prevent XSS attacks by escaping your output using htmlspecialchars() or htmlentities().

Both PHP functions convert problematic characters into HTML entities causing the injected code to be output harmlessly and not rendered.

htmlentities vs htmlspecialchars

Both will prevent XSS attacks. The difference is in the characters each encodes. htmlentities will encode ANY character that has an HTML entity equivalent.

htmlspecialchars ONLY encodes a small set of the most problematic characters.

It's generally recommended to us htmlspecialchars because htmlentities can cause display problems with your text depending on characters are being output.

Think of htmlspecialchars as a scalpel and htmlentities as a hammer. Both can solve the problem... one is just a little more precise.

~-~~-~~~-~~-~
Please watch: "Ryan Carson: How to Get an IT Job WITHOUT a College Degree"
   • Ryan Carson: How to Get an IT Job WIT...  
~-~~-~~~-~~-~
#php #webdev

Watch video Prevent XSS Attacks. Escape Strings in PHP online without registration, duration hours minute second in high quality. This video was added by user John Morris 18 June 2015, don't forget to share it with your friends and acquaintances, it has been viewed on our site 37,795 once and liked it 305 people.

play_arrow
6,256
230

Talking Fish: Surgeonfish, Tangs and The Acanthuridae Fish Family!

Talking Fish: Surgeonfish, Tangs and The Acanthuridae Fish Family!
play_arrow
227
1

Интерактивная игрушка для кошек Trixie Catch the Mouse

Интерактивная игрушка для кошек Trixie Catch the Mouse
play_arrow
35
0

Steam Mason: Animatic - 3D Category IT Challenge competition

Steam Mason: Animatic - 3D Category IT Challenge competition
play_arrow
181,938
3.2K

10 Times Mail Order Brides Went Terribly Wrong!

10 Times Mail Order Brides Went Terribly Wrong!
play_arrow
95
0

RB#11 3s 2on2 Finale Freres Serbes Vs Otanation 12/12/09

RB#11 3s 2on2 Finale Freres Serbes Vs Otanation 12/12/09
play_arrow
56,558
831

CRUNCHY KURMA | MITHAI | DIWALI DESSERT- DETAILED INSTRUCTIONS

CRUNCHY KURMA | MITHAI | DIWALI DESSERT- DETAILED INSTRUCTIONS
play_arrow
937
30

Montamos un Kyosho MP10 TKI2 Nitro paso a paso.

Montamos un Kyosho MP10 TKI2 Nitro paso a paso.
play_arrow
97
22

recursion Simple program in C language

recursion Simple program in C language

Related
play_arrow
How hard is it to learn HTML?

How hard is it to learn HTML?
play_arrow
Can I get a job just knowing HTML and CSS?

Can I get a job just knowing HTML and CSS?
play_arrow
Is it still worth learning HTML and CSS in 2023?

Is it still worth learning HTML and CSS in 2023?
play_arrow
How do I teach myself HTML?

How do I teach myself HTML?
play_arrow
Complete HTML Tutorial for Beginners | Launch Your Web Development Career

Complete HTML Tutorial for Beginners | Launch Your Web Development Career
play_arrow
11 silly things you should NOT do on Upwork

11 silly things you should NOT do on Upwork
play_arrow
Will you know if your proposal is declined on Upwork?

Will you know if your proposal is declined on Upwork?
play_arrow
A stupid obvious way to get good reviews on Upwork

A stupid obvious way to get good reviews on Upwork
play_arrow
The disturbing downsides of Upwork

The disturbing downsides of Upwork
play_arrow
Hacks for beginners to get clients on Upwork

Hacks for beginners to get clients on Upwork
play_arrow
How to get noticed on Upwork

How to get noticed on Upwork
play_arrow
Is it bad to decline an offer on Upwork?

Is it bad to decline an offer on Upwork?
play_arrow
The best time to submit proposals on Upwork

The best time to submit proposals on Upwork
play_arrow
Does boosting your proposal on Upwork help

Does boosting your proposal on Upwork help
play_arrow
Why your proposals get rejected on Upwork

Why your proposals get rejected on Upwork
play_arrow
How long a proposal should be on Upwork

How long a proposal should be on Upwork
play_arrow
Get your first proposal accepted on Upwork

Get your first proposal accepted on Upwork
play_arrow
How to write a good proposal on Upwork

How to write a good proposal on Upwork
play_arrow
How many proposals you should send on Upwork per day

How many proposals you should send on Upwork per day
play_arrow
What clients actually want to hear in Upwork proposals

What clients actually want to hear in Upwork proposals
play_arrow
Upwork proposals clients actually read

Upwork proposals clients actually read
play_arrow
How Upwork ranks proposals. Yes, PROPOSALS!

How Upwork ranks proposals. Yes, PROPOSALS!
play_arrow
ChatGPT is coming for developers 😡

ChatGPT is coming for developers 😡
play_arrow
The dumbest Upwork proposal mistake

The dumbest Upwork proposal mistake