Why I cant submit script from <input type="text"> block? [closed]
I am sending all form info by POST method and I want to directly print them on the screen. And when I submit
"aaaaaaaaaaaaaaa <b>Hello</b> <script>alert('Hello World')</script>"
into the input block then I see on the screen printed "aaaaaaaaaaaaaaa" then bold "Hello" and that's it. Where does script goes? Is it a protection that PHP implements???
Check your PHP version and magic_quotes_gpc
value. It escapes all REQUEST data. This value should be 'Off'. In PHP 5.3 magic_quotes_gpc
is deprectaed.
php does not have native protection against these attacks but sites are supposed to implement these protections
in practice any malicious code will be escaped by the php script
edit:
echo strip_tags($_POST['data'], "<b><i><u>");
精彩评论