Sql injection and security

Hi to all
I’m concerned about security and making slim secure. To insert it into my MySQL I’m using PDO bind and to get the values like this

$params = $request->getParsedBody();

Is there anything to secure even more from XSS and similar attacks?

That’s quite a big question :slight_smile:

Two starter things would be: sanitise all user input, and escape any output that comes from it especially if you intend to display that input on the site. Also have a look at content security policies (CSP) - through which you can instruct browsers to only download files (css, js, images, etc) from locations you permit.

Some resources:

I know about this in pure PHP form but I was thinking more about what Slim offers out of the box? in term of security and sanitizing the input through the request interface.

Slim is a micro-framework and therefore only responsible for the HTTP request/response routing and dispatching lifecycle. There is no built-in validation, XSS protection, and database abstraction. You can use other PHP libraries or functions to perform these tasks.

1 Like