开发者

Calling an iframe by Php

I tried calling an Iframe like this but it did not work ! Why is it so ?

 <iframe id="frame" src="load.php?sinput="<开发者_StackOverflow中文版?php echo $_GET["sinput"]; ?> > </iframe>


$_GET['sinput'] needs to be within the double quotes of the src argument:

<iframe id="frame" src="load.php?sinput=<?php echo $_GET['sinput'] ?>">
</iframe>


Simply put - why couldn't you :) The PHP code's output goes into the HTML markup, leading to the ?sinput= being followed just by what the $_GET['sinput'] has in PHP. However, doing that without parameter sanitization is a very bad idea, as a hypothetical attacker can basically input arbitrary HTML - and JavaScript! - in your page with a specifically crafted link. (See the Wikipedia article on cross-site scripting for more information.)

Anyway, you say that it doesn't work - what does the page have there, then? Literally

<iframe src="load.php?sinput=<?php echo $_GET['sinput']; ?>">

or

<iframe src="load.php?sinput=">

? If it's the first one, then your web server is not properly recognizing the page as containing PHP code, if the second, your PHP script doesn't find anything in the $_GET['sinput'] variable.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜