Hackers can carry out many kinds of attacks, up to taking full control of a website. Generally speaking, the most common and most dangerous are SQL injection and cross-site scripting (XSS).

SQL injection is the insertion of malicious code into a web application in order to exploit a security vulnerability at the database level and gain unauthorized control of the database. The technique is very powerful: the malicious code can be delivered by manipulating the URL (the query string) or any form (search, login, email). You can find some examples of SQL injection at the Web Application Security Consortium (in English).

Attacks of this kind can indeed be avoided. For example, adding a "middle layer" between the front-end interface and the back-end database is very good practice. In PHP, the PDO (PHP Data Objects) extension usually works with parameters (sometimes called placeholders or bound variables) instead of placing user input directly into the command statement. Another very simple technique is character escaping, in which every dangerous character that could directly affect the database structure is escaped. For example, every single quote (') in a parameter must be replaced with two single quotes ('') to form a valid SQL string. These are just two of the most commonly used and effective measures you can take to improve site security and avoid SQL injection. You can also find many other resources on the Internet that fit your needs (specific to your web application programming language, and so on).

The other technique we want to introduce here is cross-site scripting (XSS). Cross-site scripting is the insertion of malicious code into web pages by exploiting a security vulnerability at the web application level. The attack can happen when a web application takes input data from a user and returns it to the end user without any further checking or validation. You can find some examples of cross-site scripting at the Web Application Security Consortium (in English).
There are many ways to make sure a web application is not compromised by this technique. They include some simple and practical methods: removing tags that may be inserted into form input data (for example, the strip_tags function in PHP), and using data encoding to avoid directly embedding potentially malicious characters (for example, the htmlspecialchars function in PHP).
Hacker attacks and how to block them:
Recently, many sites have been built on a variety of web applications in order to provide better service to users, especially applications for creating, editing and managing content. These systems provide many powerful interactive features based on user input, so it is worth noting that, for security reasons, preventing malicious third-party attacks and ensuring the best user experience are becoming more and more important.