How to prevent reflected XSS using PHP?
one text
I create a web application using PHP, and I try to protect my application against XSS attacks and SQL-Injection. I have a problem with reflected XSS. I used urlencode() function, but I am not sure if that function protects my application against reflected XSS. Someone could say me if that safe ?
$id = urlencode($_GET['id']);
$query = $this->database->ConnectDatabase()->prepare("SELECT * FROM user where user_id = :user_id");
$query->bindParam(':user_id',$id, PDO::PARAM_INT);
$query->execute();
Source