开发者

Why I cant submit script from <input type="text"> block? [closed]

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for g开发者_C百科uidance. Closed 11 years ago.

I am sending all form info by POST method and I want to directly print them on the screen. And when I submit

"aaaaaaaaaaaaaaa <b>Hello</b> <script>alert('Hello World')</script>" 

into the input block then I see on the screen printed "aaaaaaaaaaaaaaa" then bold "Hello" and that's it. Where does script goes? Is it a protection that PHP implements???


Check your PHP version and magic_quotes_gpc value. It escapes all REQUEST data. This value should be 'Off'. In PHP 5.3 magic_quotes_gpc is deprectaed.


php does not have native protection against these attacks but sites are supposed to implement these protections

in practice any malicious code will be escaped by the php script

edit:

echo strip_tags($_POST['data'], "<b><i><u>");
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜