[Solved] JavaScript MySQL injection prevention [closed]


For a start, JavaScript is code that a user can actually edit using DOM tools (like inspect element) and should never be used as a mechanism for security with databases.

You should firstly start to research prepared statements in PDO if you're using untrusted user input; the bind parameter in the PDO interface automatically strips the HTML content out of the input.

You can also look at the preg_replace function inside of PHP. This can be used to do more unique and to-the-point strips and allows functionality like BB Code.

There are plenty of resources on Stack Overflow which cover the security issues raised in this question and certainly solve each layer of attack.

Source 1

Source 2

Also note, the attack you're specifying is an XSS attack used to inject malicious JavaScript code. If you want to allow this code, never directly insert it into a global page (i.e. comments that multiple users can see). Only allow the single user to view the code they put in. Otherwise, view the above sources for further information.
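
The two layers this answer touches on, kept separate, as an added example that is not part of the original answer: a PDO prepared statement handles the SQL layer, and `htmlspecialchars` at output time handles the XSS layer. The `comments` table, its columns and the `h()` helper are hypothetical, the input strings are constructed, and an in-memory SQLite database (requires the `pdo_sqlite` extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added example: table name, column names and h() are hypothetical.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With a MySQL DSN, also turn off emulation so the server performs the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed untrusted input: one value aimed at the SQL layer, one at the HTML layer.
$author = "x'); DROP TABLE comments; --";
$body   = '<script>alert(1)</script>';

// SQL layer: placeholders keep the values out of the statement text entirely.
$insert = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
$insert->bindValue(':author', $author, PDO::PARAM_STR);
$insert->bindValue(':body', $body, PDO::PARAM_STR);
$insert->execute();

$select = $pdo->prepare('SELECT author, body FROM comments WHERE author = :author');
$select->execute([':author' => $author]);
$row = $select->fetch(PDO::FETCH_ASSOC);

// Binding stores the value byte-for-byte: the table still exists and the
// markup comes back exactly as submitted, so it must be encoded before display.
var_dump($row['body'] === $body);

// HTML layer: encode at output time, for the context the value is written into.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Both fields are rendered as inert text inside the list item.
printf("<li><strong>%s</strong>: %s</li>\n", h($row['author']), h($row['body']));
```

The encoding shown is correct for HTML element content and quoted attribute values; values written into a `<script>` block, a URL or a CSS context need the encoder for that context instead.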
