Using Querystring for Notifications
------------
Single query string: ?keyname=value
Multiple query strings: ?keyname=value&keyname3=value...
Whenever you work with query strings there are multiple cache-related problems, such as the browser autofilling form fields. To turn this off, use:
autocomplete="off"
Tag level: <input type="text" name="name" autocomplete="off">
XSS Filtering in PHP: Cross-Site Scripting
15/01/2021
Login with Server-Side Validation
---------------------------
Regex in PHP
------------
We can use the preg_match() function to check whether a value matches a regex in PHP.
Syntax:
if(preg_match(<expression-of-regex>,<subject>)){
// if matched
}else{
// if not matched
}
Task 1: Implement form validation using regex, with server-side validation on the target page,
for the following field set:
1. Full name
2. Mobile No.
Hint: to trim spaces from the left and right, use trim().
The name should be validated, for example:
Awnish Kumar is valid
Awnish 1234 is invalid
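One way to do Task 1 on the target page, as an added example that is not part of the original notes. The patterns are assumptions (letters separated by single spaces for the name, exactly 10 digits for the mobile number), and the function names and sample submissions are hypothetical.

```php
<?php
// Added example: server-side validation of the two task fields.
// Assumed rules (not stated in the notes): a name is letters separated by
// single spaces; a mobile number is exactly 10 digits.

function validate_full_name(string $raw): ?string
{
    $name = trim($raw);                 // strip left/right spaces first
    // \A and \z anchor the whole string; unlike $, \z rejects a trailing newline
    if (preg_match('/\A[A-Za-z]+(?: [A-Za-z]+)*\z/', $name) === 1) {
        return $name;
    }
    return null;                        // 0 = no match, false = regex error
}

function validate_mobile(string $raw): ?string
{
    $mobile = trim($raw);
    if (preg_match('/\A[0-9]{10}\z/', $mobile) === 1) {
        return $mobile;
    }
    return null;
}

// Constructed sample submissions standing in for $_POST on the target page.
$samples = [
    ['fullname' => '  Awnish Kumar ',        'mobile' => '9876543210'],
    ['fullname' => 'Awnish 1234',            'mobile' => '98765-43210'],
    ['fullname' => "Awnish Kumar\n<script>", 'mobile' => '9876543210'],
];

foreach ($samples as $post) {
    $errors = [];
    if (validate_full_name($post['fullname'] ?? '') === null) {
        $errors[] = 'Full name is invalid';
    }
    if (validate_mobile($post['mobile'] ?? '') === null) {
        $errors[] = 'Mobile number is invalid';
    }
    // Encode on output even for rejected input, so echoing it back is safe.
    $shown = htmlspecialchars(trim($post['fullname']), ENT_QUOTES, 'UTF-8');
    echo $shown, ' => ', $errors ? implode('; ', $errors) : 'valid', PHP_EOL;
}
```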
Sanitisation in PHP
---------------------
XSS filtering: preventing a user or attacker from injecting script into the page, so that the injected code is never executed.
XSS means cross-site scripting.
Sometimes you may require tags in the input and sometimes you may not.
For example:
<h1>Hello</h1> submitted from a text box
generates a heading tag with Hello.
In such a case we need to remove the tags.
strip_tags() removes the tags.
In some cases the input should not be interpreted as markup at all.
htmlentities() converts all applicable characters to HTML entities, so the browser displays them as text instead of interpreting them.
If you want to convert the entities back to characters:
html_entity_decode()
In some cases you need to show the tags themselves for presentation.
htmlspecialchars() converts the characters that make up tags (such as < and >) to their entities, so that all the code is printed in raw format.
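Task:
1. Make a user-defined function to perform XSS filtering
function sanitise($arg){
    // Remove any HTML/PHP tags from the input
    $arg = strip_tags($arg);
    // Convert remaining special characters (quotes included) to entities
    $arg = htmlentities($arg, ENT_QUOTES, 'UTF-8');
    // double_encode = false so the entities produced above are not encoded twice
    $arg = htmlspecialchars($arg, ENT_QUOTES, 'UTF-8', false);
    // Trim spaces left over at either end
    $arg = trim($arg);
    return $arg;
}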