I am sending all form info by the POST method and I want to print it directly on the screen. When I submit
"aaaaaaaaaaaaaaa <b>Hello</b> <script>alert('Hello World')</script>"
into the input block, I see "aaaaaaaaaaaaaaa" printed on the screen, then a bold "Hello", and that's it. Where does the script go? Is it a protection that PHP implements?
Check your PHP version and your magic_quotes_gpc value. It escapes all REQUEST data. This value should be 'Off'. In PHP 5.3, magic_quotes_gpc is deprecated.
PHP does not have native protection against these attacks, but sites are supposed to implement these protections themselves.
In practice, any malicious code will be escaped by the PHP script.
edit:
echo strip_tags($_POST['data'], "<b><i><u>");
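The three ways of echoing the submitted field side by side, as an added example that is not code from the thread above. It assumes the form field is named "data" (as in the strip_tags() line) and fills $_POST['data'] with a constructed payload so it can be run offline with the PHP CLI; the second <b> element carries an event-handler attribute to show what strip_tags() lets through.

```php
<?php
// Added example (not from the original thread): the same POSTed text
// rendered raw, HTML-escaped, and through a strip_tags() allow-list.

// Constructed sample input standing in for a real form submission.
// Assumption: the form field is called "data".
$payload = 'aaaaaaaaaaaaaaa <b>Hello</b> <script>alert(\'Hello World\')</script>'
         . ' <b onmouseover="alert(1)">hover me</b>';
$_POST['data'] = $payload;

// 1. Unfiltered: whatever was submitted is handed to the browser as
//    markup. The <b> tags and the <script> element are interpreted,
//    which is reflected XSS.
function render_raw(string $s): string
{
    return $s;
}

// 2. Escaped: the usual fix when the field is meant to be plain text.
//    <, >, &, " and ' become entities, so the browser shows the markup
//    as literal characters instead of interpreting it. ENT_QUOTES covers
//    single quotes; 'UTF-8' keeps multibyte input from being mangled.
function render_escaped(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// 3. Allow-listed tags via strip_tags(), as in the edit above. Caveat:
//    strip_tags() removes tags, not attributes, so the onmouseover=
//    handler on the allowed <b> element survives and still runs script.
//    To permit a subset of HTML, use a real HTML sanitizer instead.
function render_strip_tags(string $s): string
{
    return strip_tags($s, '<b><i><u>');
}

$renderers = [
    'raw'        => 'render_raw',
    'escaped'    => 'render_escaped',
    'strip_tags' => 'render_strip_tags',
];

foreach ($renderers as $label => $fn) {
    echo str_pad($label, 11) . ': ' . $fn($_POST['data']) . "\n";
}
```

Run it with `php example.php` and compare the three lines: the raw output still contains the <script> element, the escaped output contains no angle brackets at all, and the strip_tags output has lost <script> but kept `<b onmouseover="alert(1)">`. For a field that should only ever display text, htmlspecialchars() on output is the right default; strip_tags() with an allow-list is not an XSS filter.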