I did some testing by creating a very simple form.
It seems to be protected from attacks like SQL injection and XSS:
strings such as <script>alert("hello");</script> and <?php echo "hello"; ?> are transformed.
But the validation of the fields seems to be client-side only (with JS).
And I managed to get past it; how can I be sure that the inclusion of fields in a DB is valid?