HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


padmx82 23rd September 2010 19:41

About htmlentities/html_entity_decode and security
 
Hi,

First of all, sorry for my English, I'm from Mexico.

I'm developing a website in PHP/MySQL that implements a link to Google Maps. I want to save the HTML code from Google Maps in a table of the database, so I began reading about website security and the XSS topic came up.

I began looking for preventive measures to avoid the XSS problem, so I came up with the "mysql_real_escape_string" function, but then I also came up with tutorials about using the "htmlentities" and "html_entity_decode" functions.

My question for you is, is the combo "htmlentities/html_entity_decode" a good way to prevent the XSS problem or is there a better solution?

Thanks in advance

Padmx
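
An added example, not part of the original post: it runs the functions named in the question over a pasted embed snippet, showing that html_entity_decode() restores exactly the markup htmlentities() neutralised, and then shows one alternative that keeps only a validated map URL. The sample snippet, the host allowlist and the function name `mapEmbedUrl` are assumptions made for this illustration.

```php
<?php
// Constructed sample input: an embed snippet with an extra event handler
// and a script element added to it.
$submitted = '<iframe src="https://maps.google.com/maps?q=Mexico&output=embed"'
           . ' onload="alert(1)"></iframe><script>alert(2)</script>';

// htmlentities() is an output encoder: the browser shows the markup as text.
$encoded = htmlentities($submitted, ENT_QUOTES, 'UTF-8');
echo "encoded: $encoded\n";

// html_entity_decode() reverses that step, so encoding before storage and
// decoding before display sends the original markup to the browser.
$decoded = html_entity_decode($encoded, ENT_QUOTES, 'UTF-8');
echo 'decode restores the input: ', var_export($decoded === $submitted, true), "\n";

// Alternative (assumed design): keep only the iframe's src, accept it only
// if it is an https URL on an allowlisted host, and rebuild the tag yourself.
function mapEmbedUrl(string $html, array $allowedHosts): ?string
{
    if ($html === '') {
        return null;
    }
    libxml_use_internal_errors(true);      // tolerate sloppy pasted HTML
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $iframes = $doc->getElementsByTagName('iframe');
    if ($iframes->length === 0) {
        return null;
    }
    $url   = $iframes->item(0)->getAttribute('src');
    $parts = parse_url($url);
    if ($parts === false || ($parts['scheme'] ?? '') !== 'https') {
        return null;
    }
    $host = strtolower($parts['host'] ?? '');
    return in_array($host, $allowedHosts, true) ? $url : null;
}

// Hypothetical allowlist; adjust to the hosts the embed code really uses.
$url = mapEmbedUrl($submitted, ['maps.google.com', 'www.google.com']);

// Store $url with a prepared statement (SQL escaping protects the query,
// not the page), and encode it again when it is written into HTML.
if ($url !== null) {
    echo '<iframe src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '"></iframe>', "\n";
}
```

The rebuilt tag carries only the src attribute, so the onload handler and the script element from the pasted snippet never reach the page.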

