Is there a way to filter metacharacters from all $_POST values sent from pages on my site in an effort to eliminate the majority of XSS attacks?
There's no magic function that's going to protect you from Cross Site Scripting or SQL Injection. Do you honestly even know what they are or how they work? You need to understand that first. Then, once you understand what's going on, htmlentities(), addslashes(), etc, will help.
-- ---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
