360扫描网站揭示有漏洞
360扫描网站提示有漏洞
我已经对输入字符串过滤了,但是还会提示。请问如何解决
get_magic_quotes_gpc() ? $_REQUEST['key'] : addslashes($_REQUEST['key']);过滤方法。
search.php?key=Your%20Story%3C/title%3E%3C/head%3E%3Cbody%3E%3Cscript%3Ealert(42873);%3C/sCript%3E
用户输入这个就会在我网站最上面显示网站名称。不解
------解决方案--------------------
Your%20Story%3C/title%3E%3C/head%3E%3Cbody%3E%3Cscript%3Ealert(42873);%3C/sCript%3E
不知道你的这个串是哪里来的
Your Story
------解决方案--------------------
简单的说,addslashes这个只能过滤单引号,其他字符并不能转义,htmlspecialchars这函数不要忘记使用
------解决方案--------------------
get_magic_quotes_gpc() ? $_REQUEST['key'] : addslashes($_REQUEST['key']);过滤方法。
你这段代码没啊。。。。。
- PHP code
function escape($value) { $value = is_array($value) ? array_map('escape',$value):htmlspecialchars(trim($value)); return get_magic_quotes_gpc()?$value:addslashes($value); } $_GET = array_map('escape', $_GET); $_POST = array_map('escape', $_POST); $_COOKIE = array_map('escape', $_COOKIE); $_REQUEST = array_map('escape', $_REQUEST); <br><font color="#e78608">------解决方案--------------------</font><br>addslashes是过滤单引号和NULL字符的, 对标签根本无效, 要展示给用户的非文档内容一律htmlspecialchars. <br><font color="#e78608">------解决方案--------------------</font><br>很明显是你根据用户提交的k拼接JS代码的时候出问题了, 估计你是希望将用户提交的key拼给JS动态展示给用户, 仔细检查JS拼接那里是否使用了htmlspecialchars吧. <div class="clear"> </div>

Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

Notepad++7.3.1
Easy-to-use and free code editor

SublimeText3 Chinese version
Chinese version, very easy to use

Zend Studio 13.0.1
Powerful PHP integrated development environment

Dreamweaver CS6
Visual web development tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

Hot Topics

The Chinese meaning of request is "request". It is a global variable in PHP and is an array containing "$_POST", "$_GET" and "$_COOKIE". The "$_REQUEST" variable can obtain data and COOKIE information submitted by POST or GET.

The Request object in PHP is an object used to handle HTTP requests sent by the client to the server. Through the Request object, we can obtain the client's request information, such as request method, request header information, request parameters, etc., so as to process and respond to the request. In PHP, you can use global variables such as $_REQUEST, $_GET, $_POST, etc. to obtain requested information, but these variables are not objects, but arrays. In order to process request information more flexibly and conveniently, you can

How to use the urllib.request.urlopen() function in Python3.x to send a GET request. In network programming, we often need to obtain data from a remote server by sending an HTTP request. In Python, we can use the urllib.request.urlopen() function in the urllib module to send an HTTP request and get the response returned by the server. This article will introduce how to use

The role and significance of Request in PHP In PHP programming, Request is a mechanism for sending requests to the Web server. It plays a vital role in Web development. Request is mainly used to obtain data sent by the client, such as form submission, GET or POST request, etc. Through Request, the data input by the user can be obtained, and the data can be processed and responded to. This article will introduce the role and significance of Request in PHP and give specific code examples.

1. Create a new file called request.js and import Axios: importaxiosfrom'axios'; 2. Create a function called request and export it: This will create a function called request and export it Set up a new Axios instance with a base URL. To add timeout settings in a wrapped Axios instance, you can pass the timeout option when creating the Axios instance. exportconstrequest=axios.create({baseURL:'https://example.

Request in PHP refers to request. It is a super global variable in PHP. It is used to collect data submitted by HTML forms and parameters in URLs. It can obtain data from GET and POST requests at the same time. Note that $_request is an associative array. , where the keys are the names of the form fields and the values are the values of the form fields. When using the $_request variable, user-entered data should always be validated and filtered to avoid security issues.

Detailed explanation of the usage of htmlspecialchars function in PHP In web development, it is often necessary to display some user input content on the web page, such as article content, comment content, etc. However, if you display this content directly on a web page, you may encounter some security issues. For example, some users may embed some malicious scripts in comments, which, after being parsed by the browser, will pose a security threat to the website. To prevent this from happening, we need to filter and

How to use context to implement request parameter verification in Go Introduction: During the back-end development process, we often need to verify the request parameters to ensure the legality of the parameters. The Go language provides the context package to handle request context information. Its elegant design and simple use make it a commonly used tool. This article will introduce how to use Go's context package to implement request parameter verification and give corresponding code examples. Introduction to the context package In Go, the context package is used to deliver
