Reply to Re: accessing array data inside of an array


Posted by bill on 11/20/07 12:19

Rik Wasmus wrote:
> On Mon, 19 Nov 2007 13:23:08 +0100, bill <nobody@spamcop.net> wrote:
>
>> Toby A Inkster wrote:
>>> bill wrote:
>>>
>>>> echo "<br />pic_name = $_FILES[picture][name]";
>>> echo "<br />pic_name = {$_FILES['picture']['name']}";
>>>
>> Rik and Toby
>> Thanks, something new to learn.
>
> Hmm, now I think about it: of course you never ever change the $_FILES
> array yourself, you just use its information. There is no way you
> should echo user-supplied strings directly to the page. At least use
> htmlentities() on them before displaying them, or you're vulnerable to
> a so-called XSS attack.

just for debugging. Not a live application
>
> See <http://en.wikipedia.org/wiki/Cross_site_scripting>, Type 1 (and
> possibly 2 depending on further processing).

thanks for the reminder however

bill
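
The point raised in the thread, as an added example that is not code from any of the posters: the debug line echoed raw and then escaped with htmlentities(). The helper names `h` and `debug_pic_name` are hypothetical, and `$files` is a constructed stand-in for `$_FILES`.

```php
<?php
declare(strict_types=1);

// Escape a client-supplied string for HTML text or a quoted attribute.
function h(string $value): string
{
    // ENT_QUOTES escapes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 with U+FFFD instead of returning an empty string.
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the thread's debug line for one upload field (hypothetical helper).
// Handles a missing field and multi-file inputs (name="picture[]"),
// where 'name' is an array of strings instead of a single string.
function debug_pic_name(array $files, string $field): string
{
    $name = $files[$field]['name'] ?? null;
    if ($name === null) {
        return '<br />pic_name = (no upload)';
    }
    $wrapped = [$name];
    $safe = [];
    array_walk_recursive($wrapped, function ($n) use (&$safe): void {
        $safe[] = h((string) $n);
    });
    return '<br />pic_name = ' . implode(', ', $safe);
}

// Constructed sample: the browser, not the server, chooses the 'name' value.
$files = [
    'picture' => [
        'name'     => 'photo"><b>injected</b>.jpg',
        'type'     => 'image/jpeg',
        'tmp_name' => '/tmp/phpEXAMPLE',
        'error'    => 0,
        'size'     => 1234,
    ],
];

// Raw echo, as in the thread: the markup in the name becomes part of the page.
echo "<br />pic_name = {$files['picture']['name']}", "\n";

// Escaped: the same name is rendered as literal text.
echo debug_pic_name($files, 'picture'), "\n";
```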
