Quick method to prevent cross site scripting in php
Let's define a simple function that checks the query string contains nothing but plain key=value pairs, so that markup or script supplied from outside never reaches the page.
Take an example. If you have a page such as
http://www.mistonline.in/search/index.php?name=java
there is every possibility that an attacker will try to inject JavaScript into the name parameter, for example a request of the form
http://www.mistonline.in/search/index.php?name=
with a script payload in place of the value. There are numerous variants of this technique, so to stop them on your page use the code below, a simple function written in PHP.
A Quick Look at Cross Site Scripting – Coding for our safety
<?php
// Return true only when the query string consists of one or more key=value
// pairs whose keys and values are strictly alphanumeric (each between $min
// and $max characters long), optionally joined by '&'. Anything else,
// including '<', '>', '"', '%' and spaces, is rejected.
function validateQueryString($queryString, $min = 1, $max = 32) {
    $pattern = "/^([a-zA-Z0-9]{" . $min . "," . $max . "}=[a-zA-Z0-9]{" . $min . "," . $max . "}&?)+$/";
    if (!preg_match($pattern, $queryString)) {
        return false;
    }
    return true;
}
?>
Once we have defined this function, we call it this way:
<?php
$queryString = $_SERVER['QUERY_STRING']; // the raw, still URL-encoded query string
if (!validateQueryString($queryString)) {
    header('Location: 404.php');
    exit; // stop here, otherwise the welcome line below is still sent after the redirect header
} else {
    // stripslashes() only matters on old PHP with magic_quotes_gpc (removed in PHP 5.4).
    // htmlspecialchars() encodes the value for HTML output: the whitelist already
    // guarantees it is alphanumeric, but encoding on output is the control that still
    // holds if the validation rule is relaxed later.
    echo 'Welcome to ' . htmlspecialchars(stripslashes($_GET['name']), ENT_QUOTES, 'UTF-8') . ' pages';
}
?>
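As an added example, not code from the original post, the script below runs the post's validateQueryString() whitelist over a handful of constructed query strings, including the literal and URL-encoded forms of a script injection, and then shows the output-encoding step with htmlspecialchars() that keeps a reflected value inert even when validation is bypassed or loosened. The sample strings and the renderWelcome() helper are made up for the demonstration.

```php
<?php
// Added example, not from the original post: exercises the post's
// validateQueryString() whitelist against constructed query strings and
// shows the output-encoding step that actually stops reflected XSS.

function validateQueryString(string $queryString, int $min = 1, int $max = 32): bool
{
    // Same whitelist as the post: one or more key=value pairs, both sides
    // strictly alphanumeric, optionally separated by '&'.
    $pattern = '/^([a-zA-Z0-9]{' . $min . ',' . $max . '}=[a-zA-Z0-9]{' . $min . ',' . $max . '}&?)+$/';
    return preg_match($pattern, $queryString) === 1;
}

// Hypothetical helper: encode a value for an HTML text context. ENT_QUOTES also
// escapes the single quote, so the same encoding is safe inside quoted attributes;
// naming the charset avoids encoding-mismatch bypasses.
function renderWelcome(string $name): string
{
    return 'Welcome to ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ' pages';
}

// Constructed sample query strings, in the raw form $_SERVER['QUERY_STRING'] holds them.
$samples = [
    'name=java',
    'name=java&page=2',
    'name=<script>alert(1)</script>',          // literal tag: '<' and '>' are not alphanumeric
    'name=%3Cscript%3Ealert(1)%3C/script%3E',  // URL-encoded tag: '%' is not alphanumeric either
    'name=',                                   // empty value, below $min
    '',                                        // no query string at all
    'name=java&',                              // trailing '&' is tolerated by the pattern
];

foreach ($samples as $qs) {
    printf("%-45s => %s\n", var_export($qs, true), validateQueryString($qs) ? 'accepted' : 'rejected');
}

// Even if the whitelist were relaxed or skipped, encoding keeps the reflection harmless:
echo renderWelcome('<script>alert(1)</script>'), "\n";
```

Run it with `php example.php`. Two caveats a practitioner will hit: the whitelist rejects legitimate input that is not alphanumeric (spaces, hyphens, accented characters, any percent-encoding), so it only suits pages whose parameters are genuinely that simple; and because the `&` between pairs is optional, a string like `name=javapage=2` also passes, which is harmless here only because every accepted character is inert in HTML. Treat the validation as defence in depth; the control that reliably stops reflected XSS is context-appropriate output encoding of every reflected value.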