Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Andrey Terentiev2014-10-05 11:49:31
PHP
Andrey Terentiev, 2014-10-05 11:49:31

Why is this design not allowed?

Good time of the day. On Habré I read that such a construction is unacceptable. Why and how to do it right? I understand it's just not safe. XSS?

<?php
$name = $_GET['name'];
echo "Hello, <b>$name</b>!";
?>

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
S
Sergey, 2014-10-05
@jkwe45

well, yes, it would be necessary to run it through strip_tags/htmlentities at least during the output. You need to filter not only user input, but also the output of user data. Users, you know, can't be trusted.

Similar questions
B
Boris Greinov2021-03-18 20:53:14
Synthesizing speech to a website but not Web Speech Api? 3Reply
E
Evgeny Samsonov2015-04-05 17:45:37
What is the name of the USB device? 3Reply
S
sergeybogevolny2015-04-06 21:36:50
Is there an example of interaction between bootstrap wizard form and php? 2Reply
K
khudobinvasiliy2021-04-02 20:04:00
How to resolve 500 error on Flask Heroku? 3Reply
V
Vladimir Karpenko2017-04-19 19:41:47
What if there are two databases in an ASP.NET MVC5 project: one is database first, the other is code first? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question