XSS attacks in PHP-PHP Tutorial-php.cn

In recent years, with the rapid development of Internet information technology, our lives are increasingly inseparable from the Internet. The interaction between the network and our daily lives is inseparable from a large amount of code writing, transmission and processing. And these codes need us to protect their security, otherwise malicious attackers will use them to launch various attacks. One of these attacks is XSS attack. In this article, we will focus on XSS attacks in PHP and give corresponding defense methods.

1. Overview of XSS attacks
XSS attacks, also known as cross-site scripting attacks, usually refer to tampering with HTML pages or other web files such as XML files, JavaScript, etc. Add malicious code so that when the user browses to this page, the malicious code will be executed, thereby achieving the purpose of the attack. XSS attacks can exploit the current session, steal browser cookies, and exploit system permissions to conduct various attacks.

2. XSS attack case analysis
In order to better understand the process of XSS attack, we give an example here. The following code is a basic login page code:

if(isset($_POST['submit'])){

fda438d527d1ab7455853d257767f7d1

}
? >

In this example, if the account and password entered by the user are verified in the database, then the login is successful, otherwise the login fails. However, if the user enters malicious code in the account name or password input field, for example:

Then, when the user submits this form, the JavaScript code entered in the input box will be responded to, resulting in an XSS attack.

3. The Harmfulness of XSS Attacks
XSS attacks can allow attackers to steal users’ accounts and passwords, and do many harmful things through malicious code, such as: