Wednesday, 30 November 2016

php - PDO Statements And XSS Attack

I have one POST parameter in one of the pages hosted on a localhost server.



$name = addslashes(trim($_POST['name']));


and I am using PDO prepared statements in the Update.php page and,




When I try to submit the field with the following data, it shows an alert popup, which leads to an XSS attack. How can I prevent this attack so that SQL injection and XSS won't work?



abc">


Here's the SQL query which I'm using:



$query = "UPDATE table set name =? where id=?";
$stmt = $conn->prepare($query);
$stmt->execute(array($name,$id));



Thank you
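
An added example, not code from the original post: the prepared statement already blocks SQL injection but stores the value verbatim, so XSS is handled by encoding the value for HTML at the point where it is echoed. The in-memory SQLite database, the `users` table, the `e()` helper and the sample input are assumptions made for illustration.

```php
<?php
// Assumption: in-memory SQLite stands in for the real database; the "users"
// table and the e() helper are hypothetical names, not from the post.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$conn->exec("INSERT INTO users (id, name) VALUES (1, 'initial')");

// Constructed sample input standing in for $_POST (not the value from the post).
$post = ['name' => '  abc"><script>alert(1)</script>  ', 'id' => '1'];

// Input side: trim only. No addslashes(): a bound parameter is never parsed
// as SQL, so addslashes() would only store stray backslashes in the data.
$name = trim($post['name']);
$id = filter_var($post['id'], FILTER_VALIDATE_INT);
if ($id === false) {
    exit("invalid id\n");
}

$stmt = $conn->prepare('UPDATE users SET name = ? WHERE id = ?');
$stmt->execute([$name, $id]);

// The database now holds the raw string exactly as submitted.
$stmt = $conn->prepare('SELECT name FROM users WHERE id = ?');
$stmt->execute([$id]);
$stored = (string) $stmt->fetchColumn();

// Output side: encode for the HTML context at the moment of echoing.
// ENT_QUOTES covers both quote styles, so the value cannot close the attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$unsafe = '<input type="text" name="name" value="' . $stored . '">';
$safe   = '<input type="text" name="name" value="' . e($stored) . '">';

echo "raw echo (markup breaks out of the attribute):\n$unsafe\n\n";
echo "encoded echo (value stays inside the attribute):\n$safe\n";
```

Run it with the PHP CLI (requires the `pdo_sqlite` extension) and compare the two printed `<input>` lines.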
