Saturday, May 28, 2011

Security PHP part(2)

Assalamualaikum and greetings

Wow, it's been a long time since I stopped posting. Well, when something happens there must be a reason that caused it, right? huhuhu... the reason is I'm quite busy recently, doing some homework... like sweeping the leaves, throwing out some trash, reading comics (Shin Chan), sleeping and some jobs that I think are quite reasonable to do, haha. Okay, enough of this nonsense, now let's continue what we have not finished yet.

To follow this post, please read the previous post first.

There are many ways to tackle this attack, so in this post we will only learn two functions that put the protection into practice.

So, the first function is htmlspecialchars(). Here is the example.

First, copy this code (save it as SecurityinPHP.php, the file name the form posts back to):

<html>
<head>
<title>Security PHP</title>
</head>
<body>

<?php
// Only handle the form submission; a plain GET just shows the form.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name = $_POST['name'];

    // Unprotected version from the previous post: the submitted value is
    // written straight into the page, so any HTML in it is interpreted.
    echo $name;
}
?>

<form method="post" action="SecurityinPHP.php">
<input type="text" name="name" value="Test full name">
<input type="submit" name="Submit" value="send">
</form>

</body>
</html>


Then change these lines:

$name = $_POST['name'];
echo $name;

to this:

$name = $_POST['name'];
$name = htmlspecialchars($name);
echo $name;

Then run your code, type the text below into the textbox and click the "send" button:

"<A HREF ="dummysite">A Bad/Virused Site</A>"

It should display like this:

So, this means the page no longer interprets special characters or code from the textbox the way it did in the previous post. It just prints the code or special characters literally as text instead of executing them. That's quite safe, right? But what if the attacker uses a language other than English, such as Russian, German or Arabic? Don't worry, we have another, more flexible function called htmlentities(). To test it, just replace htmlspecialchars() with htmlentities() in the code.
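To compare the two functions side by side without a browser, here is an added example that is not part of the original post: escapeForHtml() and nameField() are names chosen for this example, and the sample strings are constructed. It passes the flags and charset explicitly rather than relying on the defaults, which changed in PHP 8.1.

```php
<?php
// Added example (not code from the original post): the same escaping step the
// post applies to $_POST['name'], written as a function and run from the
// command line (php escape_demo.php) so the two functions can be compared.
declare(strict_types=1);

// Escape user input for placement in HTML text or inside a double-quoted attribute.
// ENT_QUOTES is passed explicitly: before PHP 8.1 the default did not escape
// single quotes. ENT_SUBSTITUTE stops invalid UTF-8 from turning the whole
// result into an empty string.
function escapeForHtml(string $userInput, bool $allNamedEntities = false): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return $allNamedEntities
        ? htmlentities($userInput, $flags, 'UTF-8')       // also converts e.g. ü to &uuml;
        : htmlspecialchars($userInput, $flags, 'UTF-8');  // converts only & < > " '
}

// Builds the "name" input from the post's form with the submitted value echoed
// back into its value attribute. This is only safe because the quotes inside
// the value are escaped, so the input cannot break out of the attribute.
function nameField(string $submitted): string
{
    return '<input type="text" name="name" value="' . escapeForHtml($submitted) . '">';
}

// Constructed sample inputs: the post's test string and a name with an umlaut
// and an apostrophe, to show what htmlentities() changes in addition.
$samples = [
    '"<A HREF ="dummysite">A Bad/Virused Site</A>"',
    "Jürgen O'Neil",
];

foreach ($samples as $input) {
    echo "input:            $input\n";
    echo "htmlspecialchars: " . escapeForHtml($input) . "\n";
    echo "htmlentities:     " . escapeForHtml($input, true) . "\n";
    echo "in attribute:     " . nameField($input) . "\n\n";
}
```

Both functions neutralise the markup in the first sample; the difference only shows on the second, where htmlentities() additionally rewrites the umlaut as a named entity while htmlspecialchars() leaves it as UTF-8 text.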

Thank you, that's all for today. See you next time, hahaha


Note: I prefer htmlentities() over htmlspecialchars(). If you have something to ask or to add, just comment here..^^
