PHP security countermeasure examples

・Script Insertion

————————————————————
// Escape user-supplied data before writing it into HTML output.
$string = htmlspecialchars($post_data, ENT_QUOTES, 'UTF-8');
————————————————————

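・$post_data holds data that was entered in a browser or similar client.

・If the second argument of htmlspecialchars is not specified, only the " (double quote) is escaped.
Because variables are expanded inside double quotes, specify ENT_QUOTES so that the ' (single quote) is escaped too.

・The third argument is the character encoding, so change it to match your environment.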
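
The difference the second argument makes, shown as an added example that is not part of the original post: the same value is escaped with ENT_COMPAT (the default before PHP 8.1) and with ENT_QUOTES, placed in a single-quoted attribute, and the resulting markup is parsed to list which attributes actually exist. The helper name h(), the sample input, the data-injected attribute name and the extra ENT_SUBSTITUTE flag are assumptions made for this illustration; the DOM extension is required.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original post): escape a value for HTML output.
function h(string $value): string
{
    // ENT_QUOTES escapes both " and '. ENT_SUBSTITUTE replaces invalid byte
    // sequences with U+FFFD instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return the attribute names a parser sees on the first <input> element.
function inputAttributeNames(string $html): array
{
    libxml_use_internal_errors(true);   // keep parser warnings out of the output
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $input = $doc->getElementsByTagName('input')->item(0);
    $names = [];
    foreach ($input->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

// Constructed sample input: a value containing single quotes, as a form
// field might deliver it in $post_data.
$post_data = "x' data-injected='1";

$escaped = [
    'ENT_COMPAT' => htmlspecialchars($post_data, ENT_COMPAT, 'UTF-8'),
    'ENT_QUOTES' => h($post_data),
];

foreach ($escaped as $flag => $value) {
    // Template that delimits the attribute with single quotes.
    $html = "<input type='text' value='" . $value . "'>";
    printf("%s\n  markup:     %s\n  attributes: %s\n",
        $flag, $html, implode(', ', inputAttributeNames($html)));
}
```

With ENT_COMPAT the parsed element gains an attribute the template never declared; with ENT_QUOTES the whole input stays inside value.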
