How can we protect my PHP form from hacking?

0 votes
I wanted to know how I can avoid $_SERVER["PHP_SELF"] exploits?
4 days ago in PHP by kartik
• 1,910 points
15 views

1 answer to this question.

0 votes

Hi @kartik,

If you want to know how a PHP form can lead to a vulnerability, check it out: PHP Form Security

  $_SERVER["PHP_SELF"] exploits can be avoided by using the htmlspecialchars() function.

The form code should look like this:

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

The htmlspecialchars() function converts special characters to HTML entities. Now if the user tries to exploit the PHP_SELF variable, it will result in the following output:

<form method="post" action="test_form.php/&quot;&gt;&lt;script&gt;alert('hacked')&lt;/script&gt;">

The exploit attempt fails, and no harm is done!

answered 4 days ago by Niroj
• 3,230 points
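
The encoding described in the answer above, as an added example that is not part of the original post. It uses a constructed PHP_SELF value matching the answer's output and goes one step further by also covering single-quoted attributes, where an explicit ENT_QUOTES matters because htmlspecialchars() did not encode ' by default before PHP 8.1. The helper name breaksOut() is hypothetical.

```php
<?php
// Added example, not code from the original answer.
// Constructed sample: the PHP_SELF value implied by the output shown in the answer.
$phpSelf = "test_form.php/\"><script>alert('hacked')</script>";

// ENT_COMPAT encodes " but leaves ' alone (the default before PHP 8.1, and
// what the answer's output shows). ENT_QUOTES encodes both quote characters.
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
$compat = htmlspecialchars($phpSelf, ENT_COMPAT, 'UTF-8');
$quotes = htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

/**
 * Hypothetical helper: true if $encoded still contains a character that can
 * close an attribute delimited by $quote, or open/close a tag.
 */
function breaksOut(string $encoded, string $quote): bool
{
    return strpbrk($encoded, $quote . '<>') !== false;
}

// Each case: label, value placed in the attribute, quote character used
// around the action attribute in the template.
$cases = [
    ['raw',        $phpSelf, '"'],
    ['ENT_COMPAT', $compat,  '"'],
    ['ENT_COMPAT', $compat,  "'"],
    ['ENT_QUOTES', $quotes,  '"'],
    ['ENT_QUOTES', $quotes,  "'"],
];

foreach ($cases as [$label, $value, $quote]) {
    $tag = '<form method="post" action=' . $quote . $value . $quote . '>';
    printf(
        "%-10s quote=%s breaks out: %-3s %s\n",
        $label,
        $quote,
        breaksOut($value, $quote) ? 'yes' : 'no',
        $tag
    );
}
```

Passing ENT_QUOTES and the charset explicitly keeps the result the same across PHP versions and attribute quoting styles.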
