Snow_Mac - 1 year ago
PHP Question

Classes to Protect from SQL/XSS attacks?

I'm building an MVC application for managing a creative portfolio (going to put it on GitHub). I need something to secure the DB connections; basically I have one class to manage ALL DB transactions.

I need to either create a class or find a class that can protect all SQL queries from XSS or SQL attacks. What suggestions do you have for securing PHP database connections?

Answer Source

Just try to filter your POST and GET requests with this function:

function protect($string)
{
    // check if magic_quotes_gpc is on and if not add slashes
    // (ini_get returns "0"/"" when off, or false on PHP 8 where the option is gone)
    if (!ini_get('magic_quotes_gpc')) {
        $string = addslashes($string);
    }
    // encode html tags from inputs
    $string = htmlentities($string, ENT_QUOTES);
    // removing most known vulnerable words
    $codes = array("script", "java", "applet", "iframe", "meta", "object", "html", "<", ">", ";", "'", "%");
    $string = str_replace($codes, "", $string);
    // return clean string
    return $string;
}

You can easily apply it to the whole input using the array_map function:

// pass the superglobal arrays themselves, not the strings '$_POST' / '$_GET'
$post = array_map('protect', $_POST);
$get  = array_map('protect', $_GET);
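As an added example (not part of the question or the answer above), this is how a single DB class for the portfolio app can address the two problems separately: SQL injection with PDO prepared statements, where user input is bound as a parameter and never spliced into the query string, and XSS with escaping at output time rather than by stripping words from input. The DSN, credentials, table and column names are placeholders.

```php
<?php
// Added example, not the original answer's code. Input reaches the database
// untouched through a bound parameter; it is escaped only when rendered as HTML.
// Placeholder DSN/credentials/table names below.

final class Db
{
    private PDO $pdo;

    public function __construct(string $dsn, string $user, string $pass)
    {
        $this->pdo = new PDO($dsn, $user, $pass, [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false, // real server-side prepares
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
    }

    /** Run a parameterised SELECT; $params are bound, never concatenated. */
    public function select(string $sql, array $params = []): array
    {
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        return $stmt->fetchAll();
    }

    /** Run a parameterised INSERT/UPDATE/DELETE; returns the affected row count. */
    public function execute(string $sql, array $params = []): int
    {
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        return $stmt->rowCount();
    }
}

/** Escape a value for an HTML text or attribute context (the XSS defence). */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Usage: the raw query-string value is bound as :title, so quotes or keywords in
// it are just data to the database ...
$db   = new Db('mysql:host=localhost;dbname=portfolio;charset=utf8mb4', 'DB_USER', 'DB_PASSWORD');
$rows = $db->select('SELECT id, title FROM projects WHERE title = :title', [':title' => $_GET['title'] ?? '']);
// ... and stored data is escaped only at the point it is written into the page.
foreach ($rows as $row) {
    echo '<li>' . e($row['title']) . '</li>';
}
```

Because nothing is stripped on the way in, a title such as `O'Neill <3 PHP` is stored exactly as typed and still renders safely.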
