Jump to content

teshiburu

New Members
  • Posts

    1
  • Joined

  • Last visited

teshiburu's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. Morning all, I am quiet a novice when it comes to php, only been coding for about 2-3 months, and I really havent encountered any issues, the site im working on uses parameters in URLS (e.g. test.php?s=222200ssskkk) However when I run my site through Acunetixs i get XSS and HPP issues, I have tried applying some php code to prevent this at the $_GET point on the pages that use the params, this is my code $s = ereg_replace('#\W#', "",htmlentities(substr(strip_tags($_GET['s']),0,50),ENT_QUOTES)); however it would appear that acunetix is changing the value of $_GET['s'] before it hits these so the XSS and HTTP p issues still arise? Can anyone advise how i should sanitize this first? also on a similar issue i use the string above to sanitize before saving to mySQL database, yet i still see characters like () :// and such, what have i missed here? Steve x
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.