I am using PHP 5 with the SQLite 3 class, and I wonder if using PHP's built-in data filtering with the FILTER_SANITIZE_STRING flag is enough to stop SQL and XSS attacks.
I know I could write a big ugly PHP class to filter everything, but I like to keep my code clean and as short as possible.
Please inform.
The SQLite3 class allows you to prepare statements and bind values to them. This is the right tool for database queries.
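As an added example (not the answer author's code), here is what that advice looks like in practice: a parameterized SQLite3 query, with the effect of FILTER_SANITIZE_STRING and output-time HTML escaping shown beside it. It runs stand-alone on an in-memory database; the users table, the findUsersByName function and the input value are constructed for the demonstration.

```php
<?php
// Added example, not the answer author's code: a parameterized SQLite3 query
// next to output escaping. Runs stand-alone on an in-memory database; the
// users table and the input value are constructed for the demonstration.

function findUsersByName(SQLite3 $db, $name)
{
    // Prepared statement: the placeholder is bound as data, so quotes or
    // SQL keywords inside $name are never parsed as part of the query.
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, SQLITE3_TEXT);
    $result = $stmt->execute();

    $rows = array();
    while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
        $rows[] = $row;
    }
    return $rows;
}

$db = new SQLite3(':memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO users (name) VALUES ('alice')");

// Constructed input containing a single quote, as a user might legitimately type.
$input = "O'Brien";

// What FILTER_SANITIZE_STRING actually does: it strips tags and, by default,
// HTML-encodes quotes. That changes the data (the apostrophe becomes &#39;)
// and is an HTML-oriented transformation, not SQL escaping, so it is the
// wrong layer for protecting a query.
$sanitized = filter_var($input, FILTER_SANITIZE_STRING);

// Store and look up the raw value through bound parameters: no escaping is
// needed, and the stored data stays exactly what the user entered.
$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');
$insert->bindValue(':name', $input, SQLITE3_TEXT);
$insert->execute();

// The raw value matches the row just stored; the filter-mangled value does
// not match anything, which shows the filter silently altered the data.
$found    = findUsersByName($db, $input);
$notFound = findUsersByName($db, $sanitized);

// XSS is handled at output time, in the HTML context, not at storage time.
foreach ($found as $row) {
    echo '<li>', htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "</li>\n";
}
```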
XSS, SQLI. XSS htmlentities HTML. SQLI SQLite ( ), escapeString SQL-.
OWASP ESAPI, . , , , .
If you are just trying to build a simple form and don't want to pull in any heavy or even light framework, go with PHP filters and use PDO for the database. This should protect you from everything except cross-site request forgery.