Avoiding cross site scripting
AM a newbie in php, i have seen some web applications th开发者_运维知识库at have only index.php showing on the browsers address path, when you put the mouse pointer, you would see that the links show with together with the variables required for the next page. However when you click on the link, the address bar would still show index.php. If one enters the variables directly on the address bar, then it takes you back to the home page.
How is this done?
A common way to do this is using AJAX or JQuery, allowing you to place content from other pages within an element of your mainpage, not causing a browser page refresh, while still having the same page in the url.
Using firebug extension of firefox, on the network tab, you can inspect what is send and how to the server.
This can be done with some success by checking the HTTP Referer header.
Here is a link of how to do it Beautiful way to remove GET-variables with PHP also checke using htaccess
精彩评论