php code shoddy PHP code simplification

WBOY
Release: 2016-07-29 08:41:43
Original
940 people have browsed it

Copy code The code is as follows:


echo("

search results for query:").
$_GET['query'].".

";
?>


The main problem with this code is that it displays the data submitted by the user directly on the web page, thus creating an XSS vulnerability. There are actually many ways to fill this hole. So, what code do we want?

Copy code The code is as follows:


echo("

search results for query:").
htmlspecialchars($_GET['query']).".";
?>


This is the minimum requirement. The XSS vulnerability was filled with the htmlspecialchars function, thus blocking illegal characters.

Copy code The code is as follows:


if(isset($_GET['query']))
echo'

search results for query:',
htmlspecialchars($ _GET['query'],ENT_QUOTES).'.

';
?>


People who can write such code should be the ones I want to hire:
**Check whether the $_GET['query'] value is empty before outputting it.
*The redundant parentheses in the echo command have been removed.
* Strings are qualified with single quotes, thus saving PHP time in searching for replaceable variables from the string.
* Use commas instead of periods to save echo time.
* Pass the ENT_QUOTES flag to the htmlspecialchars function to ensure that single quotes are also escaped. Although this is not the most important thing, it is also a good habit.

The above introduces the php code. The inferior PHP code is simplified, including the content of php code. I hope it will be helpful to friends who are interested in PHP tutorials.

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!