Poor PHP code simplification_PHP tutorial

WBOY
Release: 2016-07-21 15:41:35
Original
926 people have browsed it

Copy code The code is as follows:

echo("

search results for query:").
$_GET['query'].".

";
?>

The main problem with this code is that it displays the data submitted by the user directly to the web page, resulting in an XSS vulnerability. There are actually many ways to fill this hole. So, what code do we want?
Copy code The code is as follows:

echo("

search results for query: ").
htmlspecialchars($_GET['query']).".

";
?>


This is the minimum requirement. The XSS vulnerability was filled with the htmlspecialchars function, thus blocking illegal characters.
Copy code The code is as follows:

if(isset($_GET['query'] ))
echo'

search results for query:',
htmlspecialchars($_GET['query'],ENT_QUOTES).'.

';
?>

People who can write such code should be the ones I want to hire:
**Check whether the $_GET['query'] value is empty before outputting it.
*The redundant parentheses in the echo command have been removed.
* Strings are qualified with single quotes, thus saving PHP time searching for replaceable variables from the string.
* Use commas instead of periods to save echo time.
* Pass the ENT_QUOTES flag to the htmlspecialchars function to ensure that single quotes are also escaped. Although this is not the most important thing, it is also a good habit.

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/321134.htmlTechArticleCopy the code as follows: ? echo("psearch results for query:"). $_GET['query'] ."./p"; ? The main problem with this code is that it displays the user-submitted data directly on the web page, from...
Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!