Let’s define a simple function to prevent the querysting from being tampered with external code.

Lets take an example, If you have a webpage like

http://www.mistonline.in/search/index.php?name=java , there is every possiblity that a hacker can try to inject some javascript in that something like this

http://www.mistonline.in/search/index.php?name=<script language=javascript>setInterval
(“window.open(‘http://www.baddomain.com/’,'innerName’)”,50);
</script>

Like this there are numerous techniques, So inorder to prevent this from happening on your webpage use the below code which is very simple written using php

A Quick Look at Cross Site Scripting – Coding for our safety

function validateQueryString ( $queryString , $min=1,
$max=32 ) {
if ( !preg_match ( "/^([a-zA-Z0-9]{".$min.",".$max."}=[a-zA-Z0-9]{".$min.",".$max."}&?)
+$/", $queryString ) ) {
return false;
}
return true;
}?>

Once we have defined this function, we call it this way:

< ?php
$queryString = $_SERVER[‘QUERY_STRING’];
if ( !validateQueryString ( $queryString ) ) {
header( ‘Location:404.php’ );
}
else {
echo ‘Welcome to ’.stripslashes($_GET[‘name’].' pages');
}?>

Incoming search terms:

• prevent cross site scripting php (4)
• php prevent cross site (4)
• jsp prevent xss (4)
• php prevent xss (3)
• php prevent cross-site (3)
• javascript function to stop xss (3)
• how to prevent cross site scripting php (3)
• how to stop cross site scripting in php (2)
• how to eliminate javascript xss in php (2)
• prevent xss php query string (2)
• stop cross site scripting php (2)
• how to prevent cross site scripting in php (2)
• how to stop cross site scripting php (2)
• how to prevent xss in bbs (2)
• xss php tutorial (2)
• xss mysl drop down (2)
• php cross site scripting querystring (2)
• php avoid cross site (2)
• Avoid Cross Site Scripting php (2)
• xss php query_string (2)
• php stop cross site scripting (2)
• php query_string xss (2)
• php stop cross scripting (2)
• php protect from cross site (1)
• prototype js prevent xss (1)
• print nestedsortable php (1)
• prevent xss quickly php (1)
• preventing swf xss (1)
• prevent xss with php (1)
• prevent xss in method post php (1)
• prevent site-cross scripting (1)
• php stop cross site (1)
• php tutorial avoid xss (1)
• php xss block javascript in query string (1)
• prevent cross script in jsp javascript (1)
• prevent cross scripting with php (1)
• prevent cross-site scripting php (1)
• prevent cross-site switching in php (1)
• prevent direct access to php query string (1)
• prevent query string cross site scripting (1)

You will also be interested in ,

• Speed up wordpress using .htaccess part 1
• Creating random number using php
• “Header already sent” in php error and other use of Header function in PHP
• Finding size of a directory using php
• Exclamation mark (!) at odd places while using php mail fixed
• How to split a word or sentence delimited with slashes, commas or hyphens
• Convert Month Name To Month Number Using Simple php
• Using PHP_SELF best practices
• Find out which mode php is running CGI or DSO mode
• Tag cloud using php, mysql and ajax with filter