[TYPO3-english] SQL Injection & Cross-site scripting
Georg Ringer
typo3 at ringerge.org
Wed Nov 16 16:58:50 CET 2011
On 16.11.2011 15:03, Iban Cardona i Subiela wrote:
> Do you know what is the best way (PHP or TYPO3) to prevent SQL Injection
> and Cross-site scripting attacks in TYPO3?
That is simple: correct escaping/encoding.
So intval() / $GLOBALS['TYPO3_DB']->quoteStr() for values of queries,
htmlspecialchars() when outputting in HTML context, other things when
the context is different.
georg
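
Added example (not part of the message above and not TYPO3's own code): one untrusted value escaped for the query and for each output context. PDO::quote() on an in-memory SQLite handle stands in for the TYPO3 database object so the script runs without TYPO3; the function names and the 'fe_users' table argument are illustrative assumptions.

```php
<?php
// Constructed untrusted input for the demonstration.
$uid  = "7 OR 1=1";                             // should be an integer
$name = "O'Brien\"><script>alert(1)</script>";  // free text

// Stand-in database handle (assumption). In TYPO3 4.x the string would go
// through $GLOBALS['TYPO3_DB']->quoteStr($name, 'fe_users'), which escapes
// but does not add the surrounding quotes; PDO::quote() escapes and adds them.
$db = new PDO('sqlite::memory:');

function buildWhere(PDO $db, $uid, $name) {
    // SQL context: integers are cast, strings are quoted by the DB layer.
    return 'uid = ' . intval($uid) . ' AND name = ' . $db->quote($name);
}

function forHtml($value) {
    // HTML text and quoted-attribute context.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

function forUrlParam($value) {
    // URL query-parameter context.
    return rawurlencode($value);
}

function forInlineScript($value) {
    // JavaScript literal inside a <script> block: hex-escape <, >, &, ', ".
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode($value, $flags);
}

// Same value, four contexts, four different encodings.
echo buildWhere($db, $uid, $name), "\n";
echo '<p title="', forHtml($name), '">', forHtml($name), "</p>\n";
echo '<a href="search.php?q=', forUrlParam($name), '">search</a>', "\n";
echo '<script>var name = ', forInlineScript($name), ";</script>\n";
```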