php - Xss when echoing direct from url -

-

this question has answer here:

i printing directly form url 

if(isset($_get['name']){    echo $_get['name']) }

but friend told me bad , vulnerable xss how bad , should prevent xss?

just wrap content should not contain tags in htmlspecialchars

echo htmlspecialchars($_get["name"]);

Comments

Post a Comment

Popular posts from this blog

c# - SelectList with Dictionary, add values to the Dictionary after it's assigned to SelectList -

-
i have following code - dictionary<string, string> mydict = new dictionary<string, string>(); mydict.add("keya", "valuea"); mydict.add("keyb", "valueb"); ienumerable<selectlistitem> myselectlist = new selectlist(mydict, "key", "value") further down in program, want add values mydict . possible? if yes, how? want - myselectlist.mydict.add("keyc", "valuec"); if you're wanting add items mydict, possible, , changes reflected in of myselectlist 's enumerations long changes made before enumeration (e.g. using .tolist() ) generated. as worked example: dictionary<string, string> mydict = new dictionary<string, string>(); mydict.add("keya", "valuea"); mydict.add("keyb", "valueb"); ienumerable<selectlistitem> myselectlist = new selectlist(mydict, "key", "value...
Read more

javascript - Chart.js - setting tooltip z-index -

-
http://jsfiddle.net/gmannib/j2mwpj43/7/ ^ see sample fiddle above. notice how tooltips piechart go underneath "earth" icon have in middle there? there way set z-index property of tooltips above earth icon? thought work? race.tooltip.style.zindex = "5"; i'm still learning...thank kind help! just give higher z-index value canvas , done. see demo . css code canvas#race{position:relative; z-index:1;}
Read more

how can i manage url using .htaccess in php? -

-
i want manage url of website right showing me www.computermall.co.in/product_details.php?prdid=34 but want www.computermall.co.in/product_details/34 how can it? i have tried this options +followsymlinks -multiviews rewriteengine on rewritebase /computermall # uri-path directly the_request variable rewritecond %{the_request} ^(get|head)\s/(.*)\.php [nc] # strip extension , redirect permanently rewriterule .* /%2 [r=301,l,nc] rewritecond %{request_filename} !-f rewritecond %{request_filename} !-d rewritecond %{request_uri} !\.php [nc] # map internally original resource rewriterule ^(.*)$ $1.php [l,qsa] try this: rewriteengine on rewriterule ^product_details/prdid/([^/]*)$ /product_details?prdid=$1 [l] edit: removed leading slash
Read more