duandi8613 2013-05-21 14:42 采纳率: 100%
浏览 54
已采纳

请求保存网址

I would like to read a url. www.domain.com?cookie=set&redirect=yes

Now I want to use $ _SERVER['REQUEST_URI'] but this does not work with strip_tags and htmlspecialchars.

Also many I read that you should watch for XSS.

Does anyone know how to save a URL can be used by GET?

$url = "http://'.$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI];
$url = strip_tags($url);//doesnt work
$url = htmlspecialchars($url);//doesnt work

Thanks!

Edit to (doesnt work):

$url = "http://".$_SERVER[HTTP_HOST]."".$_SERVER[REQUEST_URI];
$url = strip_tags($url);
echo $url;

for example www.domain.com?cookie=set&redirect=yes

output => index.php?cookie=se%3Cscript%3Et&re%3Cb%3Ed%3C/b%3Eirect=yes

  • 写回答

1条回答 默认 最新

  • duanlv5084 2013-05-21 14:46
    关注

    This line

    $url = "http://'.$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI];

    Needs to be either

    $url = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";

    or 

    $url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];

    The way you are currently doing it will not concatenate the data correctly.

    Issues with the your line:

    1. Your mixing quotes around the protocol " to open and ' to close
    2. You are not quoting the $_SERVER params e.g $_SERVER['PARAM']
    3. You are not joining the 2 $_SERVER vars with anything so you'll get a syntax error
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 基于卷积神经网络的声纹识别
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值
  • ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
  • ¥15 CSAPPattacklab
  • ¥15 一直显示正在等待HID—ISP
  • ¥15 Python turtle 画图
  • ¥15 stm32开发clion时遇到的编译问题