Posted by Rik Wasmus on 11/19/07 18:13
On Mon, 19 Nov 2007 13:23:08 +0100, bill <nobody@spamcop.net> wrote:
> Toby A Inkster wrote:
>> bill wrote:
>>
>>> echo "<br />pic_name = $_FILES[picture][name]";
>> echo "<br />pic_name = {$_FILES[picture][name]}";
>>
> Rik and Toby
> Thanks, something new to learn.
Hmm, now I think about it: of course you never ever change the $_FILES
array yourself, you just use its information. There is no way you should
echo user supplied strings directly to the page. At least use
htmlentities() on them before displaying them, or you're vulnerable to
so-called XSS attacks.
See <http://en.wikipedia.org/wiki/Cross_site_scripting>, Type 1 (and
possibly 2 depending on further processing).
--
Rik Wasmus
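The escaping Rik recommends, as an added example that is not code from the thread: $_FILES is only read, and the client-chosen file name is passed through htmlentities() before it is echoed. The function names, the constructed $_FILES array and the placeholder tmp_name path are assumptions for illustration.

```php
<?php
// Added example (not from the thread): read the upload's name from $_FILES
// without modifying the array, and escape it before echoing it to the page.
declare(strict_types=1);

/**
 * Return an HTML-safe version of a user-supplied string such as
 * $_FILES['picture']['name']. ENT_QUOTES escapes both quote styles so the
 * value is also safe inside attribute values; ENT_SUBSTITUTE replaces
 * invalid UTF-8 sequences instead of returning an empty string.
 */
function escape_for_html(string $userSupplied): string
{
    return htmlentities($userSupplied, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Build the "<br />pic_name = ..." line from the thread. $_FILES is only
 * read, never written, and the client-chosen name is escaped before output.
 */
function picture_name_line(array $files, string $field = 'picture'): string
{
    // An absent field or a non-string name gives nothing trustworthy to show.
    if (!isset($files[$field]['name']) || !is_string($files[$field]['name'])) {
        return '<br />pic_name = (no file uploaded)';
    }
    return '<br />pic_name = ' . escape_for_html($files[$field]['name']);
}

// Constructed stand-in for a real $_FILES array; the name contains the
// characters that a browser would otherwise interpret as markup.
$constructedFiles = [
    'picture' => [
        'name'     => 'my "photo" <b>1</b>.jpg',
        'type'     => 'image/jpeg',
        'tmp_name' => '/tmp/phpXXXXXX',  // placeholder path, not a real upload
        'error'    => UPLOAD_ERR_OK,
        'size'     => 12345,
    ],
];

// Unescaped form from the thread: the <b> in the name reaches the browser as a tag.
echo "<br />pic_name = {$constructedFiles['picture']['name']}\n";
// Escaped form: quotes and angle brackets arrive as entities, not markup.
echo picture_name_line($constructedFiles), "\n";
```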