Are htmlentities and PDO prepared statements enough to stop XSS and SQLi?

Alorrysuery

New Member
When I validate inputs I'm converting characters, including quotes, to their HTML entities. When putting them into a database I am using PDO prepared statements and passing the variables into the execute method. Is this enough to stop SQLi and XSS attacks?

Also, on another note, what's the best way to allow hotlinked images? Because they contain slashes etc. I was thinking about checking the images to see if they contain valid headers.

Thanks
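Added example (not the poster's code) of the two mechanisms the question describes: the value is bound through a PDO prepared statement so it never becomes part of the SQL string, and HTML encoding is applied when the value is rendered rather than when it is received, so the database holds the raw text and the encoding matches the output context. The table `comments(id, body)`, the DSN and the credentials are placeholders; the image check assumes the caller has already fetched the bytes.

```php
<?php
declare(strict_types=1);

// Placeholder DSN/credentials; real prepares (no client-side emulation).
function dbConnect(): PDO {
    return new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'pass', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

// SQLi: the comment body is a bound parameter, not part of the query text,
// so quotes in it are data. Store the raw text; do not entity-encode here.
function saveComment(PDO $pdo, string $body): void {
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
}

// XSS: encode for HTML text / quoted-attribute context at output time.
// ENT_QUOTES covers both ' and "; ENT_SUBSTITUTE avoids empty output on bad UTF-8.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderComments(PDO $pdo): string {
    $out = '';
    foreach ($pdo->query('SELECT body FROM comments ORDER BY id') as $row) {
        // Safe only because the attribute is quoted and both uses are HTML contexts;
        // a URL, JavaScript or CSS context needs its own encoder, not h().
        $out .= '<p title="' . h($row['body']) . '">' . h($row['body']) . "</p>\n";
    }
    return $out;
}

// Hotlinked image check: decide by the file's own header bytes, not by the
// URL or extension. $bytes are the already-fetched contents (assumed).
function looksLikeImage(string $bytes): bool {
    $info = @getimagesizefromstring($bytes);
    return $info !== false
        && in_array($info['mime'], ['image/png', 'image/jpeg', 'image/gif', 'image/webp'], true);
}
```

If the server itself fetches the hotlinked URL to run this check, restrict the scheme and host first; the check above only says the bytes parse as an image, nothing about where they came from.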