duanfang5849 2014-02-14 08:01
浏览 155
已采纳

如何通过PHP避免XSS攻击或清理$ _GET的KEY参数

I just tested a link below, will have XXS attack on IE11.

http://example.net/test/?"*alert(1)*"

I had find many of the way to sanitize the url parameter. Mostly all the solution is sanitize $_GET's value instead of $_GET's key like this url Sanitize $_GET parameters to avoid XSS and other attacks

But above's url i provide when i print_r my $_GET is Array ( ["*alert(1)*"] => )

So can i know how to avoid this kind of attack ? They attack using $_GET's key instead of value.

Thanks lot.

  • 写回答

2条回答 默认 最新

  • dongshungou7699 2014-02-24 16:42
    关注

    founded my solution, I need rewrite HTACESS to redirect from http call to https. so that in https environment it will prevent xss attack when they type in their url.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥30 类鸟群Boids——仿真鸟群避障的相关问题
  • ¥15 CFEDEM自带算例错误,如何解决?
  • ¥15 有没有会使用flac3d软件的家人
  • ¥20 360摄像头无法解绑使用,请教解绑当前账号绑定问题,
  • ¥15 docker实践项目
  • ¥15 数电几道习题,写出作答过程,ai一律不采用
  • ¥15 利用pthon计算薄膜结构的光导纳
  • ¥15 海康hlss视频流怎么播放
  • ¥15 Paddleocr:out of memory error on GPU
  • ¥30 51单片机C语言数码管驱动单片机为AT89C52