[TYPO3-english] SQL Injection & Cross-site scripting

Georg Ringer typo3 at ringerge.org
Wed Nov 16 16:58:50 CET 2011


On 16.11.2011 15:03, Iban Cardona i Subiela wrote:
> Do you know what is the best way (PHP or TYPO3) to prevent SQL Injection
> and Cross-site scripting attacks in TYPO3?

that is simple: correct escaping/encoding

so intval() / $GLOBALS['TYPO3_DB']->quoteStr() for values of queries

htmlspecialchars when outputting in html context, other things when 
context is different.

georg
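
The advice above as an added example, which is not part of the original mail and not TYPO3's own code. It assumes a TYPO3 4.x extension where $GLOBALS['TYPO3_DB'] is available; the table and field names (tx_myext_items, title, pid) are hypothetical, and the URL and inline-JavaScript cases are shown as two instances of a "different context".

```php
<?php
// Added example, not from the original post. The table and field names
// (tx_myext_items, title, pid) and the sample input are constructed.

// SQL context: cast integers, escape strings for the target table.
// $db is assumed to be $GLOBALS['TYPO3_DB'] inside a TYPO3 4.x extension.
function buildWhere($db, $pid, $title)
{
    return 'pid=' . intval($pid)
        . " AND title='" . $db->quoteStr($title, 'tx_myext_items') . "'";
}

// Output contexts: each one needs its own encoding.
function renderItem(array $row)
{
    // HTML text and attribute values: htmlspecialchars() with ENT_QUOTES
    $title = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');

    // URL parameter: rawurlencode() the value, then HTML-encode the whole
    // URL because it is placed inside an href attribute
    $url = 'index.php?id=' . intval($row['pid'])
        . '&q=' . rawurlencode($row['title']);
    $href = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');

    // Inline JavaScript: JSON-encode with the HEX flags so that <, >, &
    // and quotes cannot terminate the string or the <script> element
    $js = json_encode(
        $row['title'],
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );

    return '<a href="' . $href . '">' . $title . '</a>' . "\n"
        . '<script>var itemTitle = ' . $js . ';</script>' . "\n";
}

// Constructed hostile input, as it could arrive in request parameters
$input = array('pid' => '12 OR 1=1', 'title' => '"><script>alert(1)</script>');

echo renderItem($input);
echo intval($input['pid']), "\n"; // the cast keeps only the leading integer

// Only runs inside TYPO3, where the database object exists
if (isset($GLOBALS['TYPO3_DB'])) {
    echo buildWhere($GLOBALS['TYPO3_DB'], $input['pid'], $input['title']), "\n";
}
```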


