2
Contributors
6
Replies
7
Views
7 Years
Discussion Span
Last Post by cwarn23
0

Do you mean like this?

<?php
$variable='i45';
echo '<img src="http://'.$variable.'.expamle.com/'.urlencode($_GET['code']).'">';
?>
0

No i mean like this ...

<img src="http://<?php echo $_GET['code']; ?>.example.com/<?php echo $_GET['id']; ?>">

Edited by aryanmughal: n/a

1

If your going to do that then I would suggest the following:

<img src="http://<?php echo urlencode($_GET['code']); ?>.example.com/<?php echo urlencode($_GET['id']); ?>">

That will stop xss attacks.

0

Can you please tell me whats type of attacks they are

Basically xss attacks are when a user tries to inject code into a webpage. For example, the following is an xss attack.

URL=http://example.com/index.php?code="><script>alert("xss attack");</script>&id=1

<img src="http://<?php echo $_GET['code']; ?>.example.com/<?php echo $_GET['id']; ?>">

As you can see they put html code into the url and it made that html code appear into the webpage. This can cause security problems which is why url data should always be filtered.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.