Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
I have a question about which one is better. Any feedback?
<?php
if (htmlentities($_SESSION['user_role'], ENT_QUOTES) != 'R') {
}
?>
OR
<?php
if ($_SESSION['user_role'] != 'R') {
}
?>
The purpose of htmlentities is to change things to valid HTML. All you care about here is whether the thing in $_SESSION is 'R,' and changing it to valid HTML won't alter that (as 'R,' like any other ASCII character, is already valid HTML).
Since there's no need for htmlentities, skip it.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
<?php
if (empty(htmlspecialchars($_GET["default"]))) {
echo 'Click to type...';
} else {
echo urldecode(htmlspecialchars($_GET["default"]));
}
?>
My code is malfunctioning. Instead of echoing "Click to type..." it does nothing. What is wrong? Thanks so much, I am a noob at PHP.
Try:
if (!isset($_GET["default"]) || empty(htmlspecialchars($_GET["default"]))) {
Do you have error_reporting on?
Why do you have htmlspecialchars inside your if? You don't need it if you think about it for a second.
The recommendation I can give you is to check your request with some debugging (var_dump on your $_GET or using xdebug).
You can also check your URL to see if you have something like localhost/someaction.php?default=something&other_get_parameter=somethingelse&..... If it's on a form, you can check with the developer tools in your browser.
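An added example, not part of the original posts: reading the optional `default` parameter with a fallback and escaping it once, at output. PHP has already URL-decoded `$_GET` values, so calling `urldecode()` after `htmlspecialchars()` decodes a second time and can undo the escaping. The `render_*` function names and the sample value are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Pattern from the question: escape first, then URL-decode.
// $_GET values are already decoded once by PHP, so this decodes twice,
// and the second decode runs after the escaping step.
function render_default_original(array $query): string
{
    if (empty(htmlspecialchars($query['default'] ?? ''))) {
        return 'Click to type...';
    }
    return urldecode(htmlspecialchars($query['default']));
}

// Corrected form: test the raw value, no extra decode, escape last.
function render_default_escaped(array $query): string
{
    $value = $query['default'] ?? '';
    // Also rejects array input such as ?default[]=x
    if (!is_string($value) || $value === '') {
        return 'Click to type...';
    }
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: what $_GET holds after PHP has decoded
// ?default=%253Cb%253Ebold%253C%252Fb%253E once.
$sample = ['default' => '%3Cb%3Ebold%3C%2Fb%3E'];

// Original order: the second decode brings the markup characters back.
var_dump(render_default_original($sample));
// Escape-last order: the value stays inert text.
var_dump(render_default_escaped($sample));
// Missing parameter: placeholder text, no undefined-index warning.
var_dump(render_default_escaped([]));
```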
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 7 years ago.
Hi, I took a look inside some PHP files and found that the PHP inside is hidden or encrypted. It's like this:
<?php
echo "<div\x20\x69d\x3d\x22s\x69deba\x72\x22>\n\t";
if(is_active_sidebar("\x72igh\x74-\x73i\x64\x65\x62a\x72-s\x69n\x67\x6ce-\x70\x61g\x65"))
{
echo "\t\t";
dynamic_sidebar("\x72\x69\x67\x68\x74-s\x69de\x62\x61r-\x73i\x6e\x67\x6ce-pa\x67e");
echo "\t";
}
echo "\n</\x64\x69v>\x20\x3c!--\x65n\x64\x20\x23s\x69\x64e\x62\x61\x72-->\n\n";
?>
or
<?php $_F=__FILE__;$_X='Pz48NXJ0IDFsNXJ0LTVycjJyJz48NCBjbDFzcz0nNGMybi1yNW0ydjUnPjwvND4gQ1VSTCBQSFAgNXg1bnQ0Mm'));?>
So what's the difference between the two, and how can we do this?
This is not encryption but encoding; the latter is about a file identifier.
It can be done by encoding/decoding text in hexadecimal instead of ASCII; see http://www.rapidtables.com/convert/number/hex-to-ascii.htm
or by using escaped unicode see https://r12a.github.io/apps/conversion/ <= this is your case
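An added example, not part of the original posts: a small decoder that turns the `\xHH` escapes from the first snippet back into readable characters so the file can be reviewed. The function name `decode_hex_escapes` is hypothetical, and the sample lines are copied from the question.

```php
<?php
declare(strict_types=1);

// Rewrites \xHH escapes as the characters they stand for, so obfuscated
// source can be read. The result is a listing for review only: a decoded
// quote (\x22) can land inside a string literal, so do not execute it.
function decode_hex_escapes(string $source): string
{
    // Match an escaped backslash (left alone) or \x plus 1-2 hex digits,
    // the same width PHP accepts inside double-quoted strings.
    $pattern = '/\\\\(?:\\\\|x([0-9A-Fa-f]{1,2}))/';

    $decoded = preg_replace_callback(
        $pattern,
        static function (array $m): string {
            if (!isset($m[1])) {
                return $m[0]; // "\\" is a literal backslash, keep it
            }
            $byte = (int) hexdec($m[1]);
            // Only printable ASCII is substituted; control and high bytes
            // stay escaped so they remain visible in the listing.
            return ($byte >= 0x20 && $byte <= 0x7E) ? chr($byte) : $m[0];
        },
        $source
    );

    return $decoded ?? $source; // preg error: fall back to the input
}

// Sample lines taken from the question (nowdoc, so nothing is interpreted).
$sample = <<<'SRC'
echo "<div\x20\x69d\x3d\x22s\x69deba\x72\x22>\n\t";
if(is_active_sidebar("\x72igh\x74-\x73i\x64\x65\x62a\x72-s\x69n\x67\x6ce-\x70\x61g\x65"))
SRC;

echo decode_hex_escapes($sample), PHP_EOL;
```

Because the input is only ever treated as text, the decoder can be run over an untrusted file without loading or evaluating it.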
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 8 years ago.
The documentation says:
Remove all characters except letters, digits and $-_.+!*'(),{}|\^~[]`<>#%";/?:#&=.
What's the point of using it if it allows quotes and stuff? I can just close the href attribute with " then put some JavaScript. Heck, I can put JavaScript even inside the URL.
It makes sure that the URL is valid. Protecting your presentation layer is up to you through use of well-known, battle-tested sanitization routines.
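An added example, not part of the original posts: the quoted description matches PHP's `FILTER_SANITIZE_URL`, and this sketch shows one way to split the work the answer describes, with structural validation plus a scheme allowlist on input and `htmlspecialchars()` for the attribute context on output. The helper name `safe_href`, the allowlist and the sample inputs are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Returns a value that is safe to place inside href="...", or null if the
// URL is rejected. Hypothetical helper; the scheme allowlist is an assumption.
function safe_href(string $url, array $allowedSchemes = ['http', 'https']): ?string
{
    $url = trim($url);

    // Structural check only: FILTER_VALIDATE_URL is not tied to any
    // particular scheme, so the scheme is checked separately below.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }

    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, $allowedSchemes, true)) {
        return null;
    }

    // Output encoding for the HTML attribute context; this is the step
    // that neutralises quotes, which URL sanitizing leaves in place.
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    'https://example.com/?q=a&b="c"',
    'javascript:void(0)',
    'not a url',
];

foreach ($samples as $raw) {
    $sanitized = (string) filter_var($raw, FILTER_SANITIZE_URL);
    $href = safe_href($raw);
    printf(
        "raw:       %s\nsanitized: %s\nsafe_href: %s\n\n",
        $raw,
        $sanitized,
        $href ?? '(rejected)'
    );
}
```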
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 8 years ago.
I am wondering why $_SERVER['DOCUMENT_ROOT'] is not working in my code when echoed inside an HTML option tag.
This is my sample:
echo "<option value='".$_SERVER['DOCUMENT_ROOT']."'/acces/login/validate?employee=".$login->employee()."&password=".$login->get_pwd()."'>LOGIN</option>";
It's generally a bad idea to reveal your document root, especially as there is no need for it in the browser. That aside, though, you should always look at the rendered HTML:
<option value='/path/to/doc/root'/acces/login/validate?employee=steve
&password=use plaintext and die'>LOGIN</option>
(Line wrap added to avoid ugly horizontal scrollbar)
See that extra ' after the doc root? That'll be your problem.
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 9 years ago.
Hello, I was wondering if I am doing this PHP correctly. I am almost 100% sure it is right and should be working. Here is the code:
if($url == '/user/view.html.php?user_id='. $_GET['user_id'].') {
I was wondering if the $_GET part was correct. Is the PHP above correct?
You don't need the second tick. You're done concatenating after your $_GET statement it looks like.
if($url == '/user/view.html.php?user_id='. $_GET['user_id']) {