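Just type the following code and edit it as per your needs, and the input your webpage stores will be protected against XSS when it is printed as HTML text. The htmlspecialchars() calls do that job; a value printed inside an attribute, a script or a URL needs encoding for that context too.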
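<?php
// Guestbook sign handler: runs only when the form's submit button (btnSign)
// was posted. It reads the message and name fields, HTML-encodes them, escapes
// them for the SQL string literal and inserts one row into the guestbook table.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0. The
// connection handle is not part of this snippet, so the calls are left in
// place; when porting, use mysqli or PDO prepared statements instead of
// building the query string.
if (isset($_POST['btnSign']))
{
    // A request can carry btnSign without the other fields, or send them as
    // arrays (mtxMessage[]=x); treat those cases as empty input instead of
    // raising a notice or passing a non-string to trim().
    $message = (isset($_POST['mtxMessage']) && is_string($_POST['mtxMessage']))
        ? trim($_POST['mtxMessage'])
        : '';
    $name = (isset($_POST['txtName']) && is_string($_POST['txtName']))
        ? trim($_POST['txtName'])
        : '';

    // Remove magic-quotes slashes only when that setting actually added them;
    // an unconditional stripslashes() deletes backslashes the visitor typed.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $message = stripslashes($message);
        $name = stripslashes($name);
    }

    // HTML-encode before storing. ENT_QUOTES also encodes single quotes, which
    // the default flags leave alone on older PHP versions, so the stored value
    // stays inert inside a single-quoted attribute as well. The default
    // charset of the running PHP version is used here.
    // NOTE(review): the page that prints these rows is not shown; encoding at
    // output time for the exact context is still the stronger control.
    $message = htmlspecialchars($message, ENT_QUOTES);
    $name = htmlspecialchars($name, ENT_QUOTES);

    // SQL-escape last, so the value placed between the quotes of the query is
    // exactly the value that was escaped for it.
    $message = mysql_real_escape_string($message);
    $name = mysql_real_escape_string($name);

    $query = "INSERT INTO guestbook (comment,name) VALUES ('$message', '$name');";
    $result = mysql_query($query);
    if ($result === false) {
        // Keep the driver's error text (table and column names, query
        // fragments) out of the response; record it in the server log.
        error_log('guestbook insert failed: ' . mysql_error());
        die('<pre>Could not save your entry.</pre>');
    }
}
?>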