GavinPearce
06-24-2004, 03:29 PM
<?php
// http://www.domain.com/index.php?a=1&b=2
// use the $_GET to access the search of a url
echo $_GET['a']; // would print '1'
echo $_GET['b']; // would print '2'
?>
Doing the above if I then print 'a' into the HTML it allows anyone to put any code they like into my page. How would I modify it so it only prints a text output and doesn't allow them to change page styles or at the worst, hack into the server...
Cheers all!
// http://www.domain.com/index.php?a=1&b=2
// use the $_GET to access the search of a url
echo $_GET['a']; // would print '1'
echo $_GET['b']; // would print '2'
?>
Doing the above if I then print 'a' into the HTML it allows anyone to put any code they like into my page. How would I modify it so it only prints a text output and doesn't allow them to change page styles or at the worst, hack into the server...
Cheers all!