a few resources
here are a few resources that someone may find helpful:
- php’s htmlspecialchars() function, useful for encoding user input before it is written into html output, so characters like < and " become entities instead of markup. pass ENT_QUOTES explicitly so single quotes are encoded as well (php before 8.1 only encoded double quotes by default), which matters when the value lands inside an attribute.
- php’s addslashes() function is often recommended for escaping user input going into an sql query, but it is a plain string function: it knows nothing about the connection’s character set or the database’s quoting rules, so it is not a safe sql escape. use a parameter-based query api (pdo or mysqli prepared statements) instead; if you genuinely must build sql from strings, use the driver’s own escaping function, never addslashes().
- a list of the top ten php security vulnerabilities
and don’t forget that in php, variables like $_SERVER['REQUEST_URI'], $_SERVER['HTTP_REFERER'] and every other $_SERVER['HTTP_*'] header are user input: the client sends those bytes, so they need the same encoding and parameterisation as anything in $_GET or $_POST.
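the three points above in one runnable script. this is an added example, not code from the original post: the $_SERVER values are constructed to stand in for what an attacker could send, and the database is an in-memory sqlite so it runs from the command line with no web server (it assumes pdo_sqlite is available).

```php
<?php
// Added example (not from the original post): html and sql sinks, first written
// unsafely and then hardened. Runs as a CLI script; the request data is constructed.
declare(strict_types=1);

// Constructed attacker-controlled request data. In a real request php fills these
// from the client's bytes, so they are user input like anything in $_GET or $_POST.
$_SERVER['REQUEST_URI']  = '/search?q="><script>alert(1)</script>';
$_SERVER['HTTP_REFERER'] = "http://evil.example/' OR '1'='1";

// ---- html output ----------------------------------------------------------

// Unsafe: the referer is echoed straight into an attribute (reflected xss).
function linkBackUnsafe(): string
{
    return '<a href="' . $_SERVER['REQUEST_URI'] . '">back</a>';
}

// Hardened: ENT_QUOTES so both " and ' are encoded (needed inside attributes);
// ENT_SUBSTITUTE so invalid utf-8 is replaced instead of making the whole
// function return an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function linkBackSafe(): string
{
    return '<a href="' . h($_SERVER['REQUEST_URI']) . '">back</a>';
}

// ---- sql ------------------------------------------------------------------

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE hits (referer TEXT, uri TEXT)');

// Unsafe: addslashes() is a string function, not an sql escape. It knows nothing
// about the database's quoting rules: sqlite, for one, does not treat backslash
// as an escape inside a string literal, so the sql built here is mis-parsed.
// Returned rather than executed; this is the shape to avoid.
function logHitWithAddslashes(): string
{
    return "INSERT INTO hits (referer, uri) VALUES ('"
         . addslashes($_SERVER['HTTP_REFERER']) . "', '"
         . addslashes($_SERVER['REQUEST_URI']) . "')";
}

// Hardened: a prepared statement. The values never touch the sql text, so the
// quotes in the referer are just data.
function logHitPrepared(PDO $db): int
{
    $stmt = $db->prepare('INSERT INTO hits (referer, uri) VALUES (:referer, :uri)');
    $stmt->execute([
        ':referer' => $_SERVER['HTTP_REFERER'],
        ':uri'     => $_SERVER['REQUEST_URI'],
    ]);
    return $stmt->rowCount();
}

echo linkBackUnsafe(), "\n";          // the injected script tag survives intact
echo linkBackSafe(), "\n";            // &quot;&gt;&lt;script&gt;... rendered as text
echo logHitWithAddslashes(), "\n";    // backslash-escaped sql that sqlite would reject
logHitPrepared($db);
$row = $db->query('SELECT referer FROM hits')->fetch(PDO::FETCH_ASSOC);
echo $row['referer'], "\n";           // stored byte-for-byte, quotes included
```

run it with `php example.php` and compare the first two lines: the unsafe one contains a live `<script>` tag, the safe one contains only entities. the third line shows why addslashes() is the wrong tool: the escaping it applies is mysql-flavoured and means nothing to sqlite, whereas the prepared statement stores the hostile referer as plain data on every driver.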