Thursday, October 13, 2011

Anti XSS Injection To Protect Your Website

To fill some free time, I want to share a bit of information about security. Many webmasters have been hit by XSS injection; it is an easy attack for someone who misuses their knowledge, and it can leave the site owner confused about how to deal with it. So what is XSS injection? According to Wikipedia, XSS (cross-site scripting) is a type of code injection attack in which HTML (and, through it, script) is injected into a page. So the core of XSS injection is an attack using HTML code that the site echoes back to its visitors.



Getting to the point: to build the anti-XSS function, we can use the following source:

function antixss($data)
{
    $xss = htmlspecialchars(trim($data));
    return $xss;
}

 
In the source above we see two functions, htmlspecialchars and trim. What are their roles?

htmlspecialchars: converts the characters that have special meaning in HTML (&, <, >, " and, when the ENT_QUOTES flag is given, ') into HTML entities such as &lt; and &gt;. It does not touch spaces; turning a space into %20 is URL encoding (rawurlencode), which is a different thing. So when an attacker inserts HTML code, the browser no longer reads it as an HTML tag but shows it as plain text.
trim: removes whitespace (spaces, tabs, newlines) from both the beginning and the end of the text, not only from the front.
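As an added example (not code from the original post), here is what these two functions do to a few constructed attacker inputs, and one case the guestbook's web field needs beyond them. The flags passed to htmlspecialchars are explicit because PHP versions before 8.1 do not encode single quotes by default. The safe_url helper and the assumption that the web field is later printed inside an href attribute are mine, not the post's.

```php
<?php
// Added example (not from the original post): what htmlspecialchars() and trim()
// actually do, and one case the guestbook's "web" field needs beyond them.

function antixss($data)
{
    // Explicit flags: before PHP 8.1 the default (ENT_COMPAT) leaves ' unencoded.
    return htmlspecialchars(trim($data), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed attacker inputs for the demonstration.
$samples = [
    "<script>alert(1)</script>",        // tag injection
    "  \" onmouseover=\"alert(1)  ",    // breaks out of a double-quoted attribute
    "' onmouseover='alert(1)",          // single-quoted attribute (needs ENT_QUOTES)
    "Tom & Jerry",                      // harmless, but & must still be encoded
];

foreach ($samples as $s) {
    echo antixss($s), "\n";
}
// &lt;script&gt;alert(1)&lt;/script&gt;
// &quot; onmouseover=&quot;alert(1)
// &#039; onmouseover=&#039;alert(1)
// Tom &amp; Jerry

// Spaces stay spaces: %20 comes from URL encoding, not from htmlspecialchars().
var_dump(htmlspecialchars("a b") === "a b");   // bool(true)
var_dump(rawurlencode("a b"));                 // string(4) "a%20b"

// Entity encoding does not make a value safe as a link target. If the guestbook
// later prints <a href="<?= $web ?>"> (an assumption about the output page), the
// value "javascript:alert(1)" passes htmlspecialchars() unchanged and still runs
// when clicked. A URL field needs a scheme check in addition to encoding.
function safe_url($url)
{
    $url = trim($url);
    if (!preg_match('~^https?://~i', $url) || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return '';   // reject anything that is not an absolute http/https URL
    }
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

echo safe_url("javascript:alert(1)"), "\n";          // (empty: rejected)
echo safe_url("http://example.com/?a=1&b=2"), "\n";  // http://example.com/?a=1&amp;b=2
```

The general rule behind the last part: htmlspecialchars() makes a value safe to print as text or inside a quoted attribute, but a value that ends up in a URL, in JavaScript, or in CSS needs validation or an encoder for that context as well.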

To use the anti-XSS function, take for example a guestbook save script named simpan.php. The full code is as follows. Note that htmlspecialchars() protects the HTML output only and does nothing against SQL injection, so the values are passed to the database through a prepared statement instead of being pasted into the query string (the old mysql_* functions used for this in 2011 have since been removed from PHP; mysqli is used here):

<?php
$db = mysqli_connect("localhost", "root", "", "db_guestbook") or die("Connection failed");

function antixss($data)
{
    // trim() strips leading and trailing whitespace; htmlspecialchars() encodes
    // &, <, >, " and ' (ENT_QUOTES) so the value renders as text, not as markup.
    $xss = htmlspecialchars(trim($data), ENT_QUOTES, 'UTF-8');
    return $xss;
}

$name    = antixss($_POST['name']);
$email   = antixss($_POST['email']);
$web     = antixss($_POST['web']);
$message = antixss($_POST['message']);
$date    = date('Y-m-d');

// Bind the values as parameters: htmlspecialchars() protects the HTML output,
// not the SQL, so the query must not be built by string concatenation.
// Column order ('' for the auto-increment id first) is as in the original.
$stmt = mysqli_prepare($db, "INSERT INTO guest_book VALUES ('', ?, ?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, "sssss", $name, $email, $web, $message, $date);

if (!mysqli_stmt_execute($stmt))
{
    echo "Failed to save the guest book entry, please <a href=\"guest_book.php\">try again</a>.";
}
else
{
    echo "Thanks $name, your guest book entry has been saved.";
}
?>


Copyright © 2010-2012 Interesting info Template Design by Fajar Hudy Pratama