Learn about the security threat of cross-site scripting (XSS) and see why it is important to always encode dynamic content before it is output as part of the HTML.
- [Instructor] In the last movie, we saw how to use PHP to encode special characters for use in a URL. There's one other place where we have to watch out for reserved characters, and that's in our HTML. Most of the time, we have total control of what HTML goes on the page. We simply write it in our code. But once we start building pages which use dynamic data, we're going to be inserting data that may come from the user, from the database, from cookies, or from other resources, and we must take care that when we do that, we don't lose control of the HTML at the same time.
Let me show you what I mean. Let's say that we have a value for someone's username. Maybe this is a value that we pull out of the database or from a cookie or somewhere, but we get this value for their username, and somewhere on our HTML page, we're going to output that value. It's a dynamic value. Now if the username is simply Kevin, then this will work as expected and there won't be a problem. What if one of our users decides to get clever…
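The situation the instructor describes, as an added example that is not part of the course's own code: a username that may have come from the database, a cookie, or a request is written into HTML first unencoded and then through PHP's built-in `htmlspecialchars()`. The helper name `h()` and the sample usernames are constructed for this illustration.

```php
<?php
// Added example (not from the course): encode dynamic values before
// placing them in HTML, using PHP's built-in htmlspecialchars().

declare(strict_types=1);

/**
 * Encode a string for safe insertion into HTML element content or into a
 * double-quoted attribute value. ENT_QUOTES encodes both ' and ";
 * ENT_SUBSTITUTE replaces malformed UTF-8 instead of returning an empty
 * string, which would otherwise silently drop the output.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values, standing in for data read from a database,
// a cookie, or a request parameter.
$usernames = [
    'Kevin',                                // the ordinary case: no reserved characters
    'Kevin <b>the Great</b>',               // markup injection: reshapes the page
    "Kevin<script>alert('xss')</script>",   // script injection: cross-site scripting
    'O\'Brien "Bo"',                        // quotes matter inside attribute values
];

foreach ($usernames as $username) {
    // Unsafe: the value is written into the HTML unencoded, so any tags it
    // carries become part of the page's markup and we lose control of the HTML.
    $unsafe = "<p>Welcome, {$username}</p>";

    // Safe: every reserved character (&, <, >, ", ') becomes an entity, so the
    // browser renders the value as text and the page keeps its structure.
    $safe = '<p>Welcome, ' . h($username) . '</p>';

    // Attribute context: also safe here because the attribute is double-quoted
    // and h() encodes both quote characters, so the value cannot close it early.
    $attr = '<input type="text" name="username" value="' . h($username) . '">';

    echo "Unsafe: {$unsafe}\n";
    echo "Safe:   {$safe}\n";
    echo "Attr:   {$attr}\n\n";
}
```

Run it with `php example.php` and compare the `Unsafe:` and `Safe:` lines for the third username: in the encoded version `<` and `>` appear as `&lt;` and `&gt;`, so the browser shows the text literally instead of executing it. `htmlspecialchars()` is the right tool for element content and quoted attribute values; a value placed inside a `<script>` block, a URL, or a CSS rule needs the encoding appropriate to that context instead.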
- Organizing project files
- Including and requiring files
- Working with URL parameters
- Encoding dynamic content
- Modifying headers and page redirection
- Creating forms and processing form data
- MySQL basics
- Using PHP to access database tables
- Creating, reading, updating, and deleting database records with PHP
- Validating data
- Preventing SQL injection