Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
J
J
jasonOk2015-11-19 11:33:26
PHP
jasonOk, 2015-11-19 11:33:26

How safe?

I use PDO (bindParam) and filter all data through filter_var() FILTER_SANITIZE_NUMBER_INT or FILTER_SANITIZE_STRING .
Is this enough for security? Isn't it required to additionally do htmlspecialchars, for example?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
M
Mikhail Osher, 2015-11-19
@miraage

Enough, all is well. By the way, PDO can do it too.
htmlspecialchars should only be used when outputting data to the browser, when it may contain content sent by the user (untrusted content), or in other cases when you need to escape the output.

Report
X
xmoonlight, 2015-11-19
@xmoonlight

I always make my own regex filter for peace of mind: you never know?!

Report
O
OnYourLips, 2015-11-19
@OnYourLips

and I filter all data through filter_var() FILTER_SANITIZE_NUMBER_INT or FILTER_SANITIZE_STRING.
It is pointless.
No "protection" is needed if you use PDO correctly.

Similar questions
W
WebforSelf2021-03-23 23:45:26
How to start server after centos 7 backup, vestacp? 3Reply
A
Anton2021-03-27 12:39:53
Getting the selected radio item and passing it to the email body, how to display the selected item? 2Reply
O
Ob1van2016-06-24 15:03:47
How to correctly configure suricata ips in af_packet mode ubuntu 16.04 server behind a transparent TOR gateway. Is it possible? 1Reply
L
Lecturer2020-09-26 22:38:29
How to display search results for sections in wordpress? 5Reply
T
thehighhomie2018-11-30 12:28:13
Plugin to generate PDF from JavaScript? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question