I need to send a message from a Flash contact form to PHP. Do I need to encode characters like ' " < > & because of possible XSS attacks or something else?
2条回答 默认 最新
dourao3960 2012-01-22 03:10关注Yes but not because of XSS for your case. You don't want to interfere your db query string which is using single or double quotes. Within PHP, escape your $_POST or $_GET vars with this
$myString = mysql_real_escape_string($myString);If your outputting this data on an HTML page, do this on the output page
echo htmlentities($row['columnName'], ENT_QUOTES);You may optionally do the above script before you insert it into the database too
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报
分享
- 2012-01-22 02:23回答 2 已采纳 Yes but not because of XSS for your case. You don't want to interfere your db query string which i
- 2015-06-11 15:16回答 1 已采纳 Use this to the variable while output $var = "£"; echo utf8_encode($var); and make sure your
- 2015-10-03 04:14回答 1 已采纳 I prepared a regular expression and replaced it with balnk. $str = "Â some text"; echo $str = pr
- f1sd的博客 yum -y install php php-mysql gd php-gd gd-devel php-xml php-common php-mbstring php-ldap php-pear php-xmlrpc php-imap 3. 搭建企业网站 在完成环境部署后,参考以下操作搭建企业网站。 在ECS服务器上,执行...
- 2015-07-30 09:48回答 2 已采纳 URLs cannot contain "Ö"! Start from this basic premise. Any characters not within a narrowly defin
- 2014-03-12 09:00回答 3 已采纳 You need to add the u modifier to the RegEx and it works nicely: $output = 'Clean this copy of in
- 2019-02-06 17:59回答 1 已采纳 If you want to only get the numbers, you could do a preg_match $re = '/(\d+\/\d+)/s'; $str = 'dfs
- 2019-09-12 17:24cigaogu2521的博客 foreach ($param as $name => $content) { $data .= "--" . static::$delimiter . "\r\n" . 'Content-Disposition: form-data; name="' . $name . "\"\r\n\r\n" . $content . "\r\n"; } // 拼接文件流 $data ...
- 2017-08-02 21:25回答 1 已采纳 Try using this: $data = array('key' => urlencode('ñ')); And in the $url file: $_POST['k
- 2017-01-27 10:35回答 2 已采纳 You should check the character encoding of the xlsx file. If the file was created on windows then
- 2012-06-22 05:50回答 2 已采纳 The DateTime class was introduced in PHP 5.2 and would allow you to use something like this $dt =
- 2022-02-25 20:23yangmaolin1234的博客 1、下载官方提供的sdk(https://github.com/wechatpay-apiv3/wechatpay-php) 2、创建订单 use WeChatPay\Builder; use WeChatPay\Crypto\AesGcm; use WeChatPay\Crypto\Rsa; use WeChatPay\Formatter; use WeChatPay\...
- 2017-01-02 20:53回答 2 已采纳 You can use str_replace in PHP . like this. intval(str_replace('.','',$string)) Assuming you a
- 2020-12-17 21:03php function dhtmlspecialchars($string) { if(is_array($string)) { foreach($string as $key => $val) { $string[$key] = dhtmlspecialchars($val); } } else { $string = preg_replace(‘/&((#(\d{3,5}|x[a-...
- 2020-12-26 16:30lionvc1的博客 配置文件 config/app.php5. 发布 Dingo 和 JWT 的配置文件1)发布配置文件2)修改配置文件3)修改 config/auth.php 配置文件6. 在 .env 中写入 Dingo 配置7.新增phone字段1)修改database/migrations/da2014_10_12_...
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 基于单片机的靶位控制系统
- ¥15 AT89C51控制8位八段数码管显示时钟。
- ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
- ¥15 下图接收小电路,谁知道原理
- ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
- ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
- ¥15 手机接入宽带网线,如何释放宽带全部速度
- ¥30 关于#r语言#的问题:如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测
- ¥15 ETLCloud 处理json多层级问题
- ¥15 matlab中使用gurobi时报错