waplet Posted September 19, 2008 Report Share Posted September 19, 2008 man ir fails.php,kad uzraksta uzraskt fails.php?links=<script>Alert(11)</script> Izmet to "O.K." Logu,kā neatļaut lietot to kodu? cik man viens paziņa iedeva $a = htmlspecialchars(<script>Alert(111)</script>); echo $a; Viņs tajā lapā kur inlcudots tas kods,izmet to ok logu. Kā izlabot to problēmu. <FORM NAME="registration" ACTION="reg.php?ref=<?=$ref;?>" CLASS="norm" METHOD="POST"> rekur daļa no koda links uz paste.php.lv - http://paste.php.lv/8023 Link to comment Share on other sites More sharing options...
Zandis Murāns Posted September 20, 2008 Report Share Posted September 20, 2008 Tas jautājums nav pat jautājums, bet kaut kāds (pat ne) vārdu savārstījums, no kura neko nevar saprast. Link to comment Share on other sites More sharing options...
codez Posted September 20, 2008 Report Share Posted September 20, 2008 Waplet, ja uzrakstīsi savu "pat ne" vārdu savārstījumu bez gramatikas kļūdām, tad pateikšu, kas jāizdara. Mēs visi pieļaujam šādas kļūdas, bet nu tavs teksts neiztur nekādu kritiku. Ja tu nevari uzrakstīt teikumu bez kļūdām, tad tev nevajag nodarboties ar programmēšanu. Link to comment Share on other sites More sharing options...
waplet Posted September 20, 2008 Author Report Share Posted September 20, 2008 man ir problēma tāda , ka $ref = isset($_GET['ref']) tad vienkārši vajag , htmlspeacialchars($ref) , tur kur viņš izvadās? Link to comment Share on other sites More sharing options...
Kavacky Posted September 20, 2008 Report Share Posted September 20, 2008 Problēma nav $ref = isset($_GET['ref']), problēma ir tajā, ka tu nezini, ko tā rindiņa vispār dara. Link to comment Share on other sites More sharing options...
waplet Posted September 20, 2008 Author Report Share Posted September 20, 2008 kā es varu nezināt, viņā nolasa GET vaicājuma no browsera!! Link to comment Share on other sites More sharing options...
martins256 Posted September 20, 2008 Report Share Posted September 20, 2008 (roflcopter) Izpēti ko dara šis kods. Un iesaku papētīt php.net isset(). <?php $ref = isset($_GET['ref']); echo $ref; echo '<br />'; var_dump($ref); ?> Link to comment Share on other sites More sharing options...
waplet Posted September 20, 2008 Author Report Share Posted September 20, 2008 (edited) http://62.63.185.21/reg?ref=%3Cscript%3Eal...1)%3C/script%3E cik es sapratu viss ir pareizi? edited: Samainīju linku , psc šitā nokļūdīties :DD Edited September 20, 2008 by waplet Link to comment Share on other sites More sharing options...
bubu Posted September 20, 2008 Report Share Posted September 20, 2008 Un ko mums ar tavu localhost URL'i darīt? Instalēt tagad katram apaci uz sava datora? Link to comment Share on other sites More sharing options...
waplet Posted September 20, 2008 Author Report Share Posted September 20, 2008 Edited Link to comment Share on other sites More sharing options...
bubu Posted September 20, 2008 Report Share Posted September 20, 2008 Varbūt tomēr iedod strādājošu linku? Man firefox'is raksta "Network Timeout" uz tavu linku. C:\>ping 62.63.185.21 Pinging 62.63.185.21 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 62.63.185.21: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), Link to comment Share on other sites More sharing options...
waplet Posted September 20, 2008 Author Report Share Posted September 20, 2008 Tagad vari iet.Kamēr man PC on. Link to comment Share on other sites More sharing options...
Recommended Posts