Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/url/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
$\u服务器[';PHP#u SELF';]和$\u GET in action属性_Php_Url_Urlencode_Htmlspecialchars - Fatal编程技术网
Fatal编程技术网
  • php/
  • $\u服务器[';PHP#u SELF';]和$\u GET in action属性

$\u服务器[';PHP#u SELF';]和$\u GET in action属性

php url

$\u服务器[';PHP#u SELF';]和$\u GET in action属性,php,url,urlencode,htmlspecialchars,Php,Url,Urlencode,Htmlspecialchars,将$\u SERVER['PHP\u SELF']和$\u GET in action表单属性组合在一起时是否存在任何安全问题,如下所示: $id = $_GET['id']; echo "<form name='name' action='".htmlspecialchars($_SERVER['PHP_SELF']."?id=".urlencode($id), ENT_QUOTES, 'utf-8')."' method='post'></form>";

将$\u SERVER['PHP\u SELF']和$\u GET in action表单属性组合在一起时是否存在任何安全问题,如下所示:

$id = $_GET['id'];

echo "<form name='name' action='".htmlspecialchars($_SERVER['PHP_SELF']."?id=".urlencode($id), ENT_QUOTES, 'utf-8')."' method='post'></form>";    

$id=$\u GET['id'];
回声“;
?

这是使用htmlspecialchars和urlencode的正确方法吗

干杯

Nikola

您可以在隐藏字段中发布$id。您可以在隐藏字段中发布$id的可能副本。可能重复的