duanfang5849 2014-02-14 08:01
浏览 155
已采纳

如何通过PHP避免XSS攻击或清理$ _GET的KEY参数

I just tested a link below, will have XXS attack on IE11.

http://example.net/test/?"*alert(1)*"

I had find many of the way to sanitize the url parameter. Mostly all the solution is sanitize $_GET's value instead of $_GET's key like this url Sanitize $_GET parameters to avoid XSS and other attacks

But above's url i provide when i print_r my $_GET is Array ( ["*alert(1)*"] => )

So can i know how to avoid this kind of attack ? They attack using $_GET's key instead of value.

Thanks lot.

  • 写回答

2条回答 默认 最新

  • dongshungou7699 2014-02-24 16:42
    关注

    founded my solution, I need rewrite HTACESS to redirect from http call to https. so that in https environment it will prevent xss attack when they type in their url.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 乘性高斯噪声在深度学习网络中的应用
  • ¥15 运筹学排序问题中的在线排序
  • ¥15 关于docker部署flink集成hadoop的yarn,请教个问题 flink启动yarn-session.sh连不上hadoop,这个整了好几天一直不行,求帮忙看一下怎么解决
  • ¥30 求一段fortran代码用IVF编译运行的结果
  • ¥15 深度学习根据CNN网络模型,搭建BP模型并训练MNIST数据集
  • ¥15 C++ 头文件/宏冲突问题解决
  • ¥15 用comsol模拟大气湍流通过底部加热(温度不同)的腔体
  • ¥50 安卓adb backup备份子用户应用数据失败
  • ¥20 有人能用聚类分析帮我分析一下文本内容嘛
  • ¥30 python代码,帮调试,帮帮忙吧