I need to send a message from a Flash contact form to PHP. Do I need to encode characters like ' " < > & because of possible XSS attacks or something else?
2 answers
- dourao3960 2012-01-22 03:10
Yes, but not because of XSS in your case. You don't want to interfere with your DB query string, which uses single or double quotes. Within PHP, escape your $_POST or $_GET vars with this:
$myString = mysql_real_escape_string($myString);
If you're outputting this data on an HTML page, do this on the output page:
echo htmlentities($row['columnName'], ENT_QUOTES);
You may optionally do the above script before you insert it into the database too.
This answer was selected as the best answer by the asker.
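The two steps from the answer above (keep quotes in the input from altering the query, then encode when writing to an HTML page), as an added example that is not part of the original answer: it uses PDO prepared statements in place of mysql_real_escape_string, which belongs to the mysql_* extension removed in PHP 7, and htmlspecialchars in place of htmlentities. The in-memory SQLite database (requires the pdo_sqlite extension), the messages table and the sample form input are assumptions made up for the illustration.

```php
<?php
// Added example: constructed input, in-memory SQLite so it runs offline.
// Table and column names (messages, sender, body) are hypothetical.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, sender TEXT, body TEXT)');

// Stand-in for $_POST as sent by the contact form (constructed sample
// containing the characters the question asks about: ' " < > &).
$post = [
    'sender' => "O'Brien",
    'body'   => '<b>Hello</b> & "welcome"',
];

function saveMessage(PDO $pdo, array $post): int
{
    // Placeholders keep the data out of the SQL text, so quotes in the
    // input cannot change the query. The raw value is stored unchanged.
    $stmt = $pdo->prepare('INSERT INTO messages (sender, body) VALUES (:sender, :body)');
    $stmt->execute([
        ':sender' => (string)($post['sender'] ?? ''),
        ':body'   => (string)($post['body'] ?? ''),
    ]);
    return (int)$pdo->lastInsertId();
}

function renderMessage(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT sender, body FROM messages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return ''; // no such message
    }
    // Encode at output time, for the HTML context, with an explicit charset.
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<p><strong>' . $e($row['sender']) . '</strong>: ' . $e($row['body']) . '</p>';
}

$id = saveMessage($pdo, $post);
echo renderMessage($pdo, $id), PHP_EOL;
```

The stored row keeps the original characters; only the rendered HTML carries the entity-encoded form, so the same data can still be written safely to other contexts such as plain-text e-mail.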