I made a GET form recently.But the problem is that it is highly vulnerable.You

Question

0

Asked: May 17, 20262026-05-17T00:02:38+00:00 2026-05-17T00:02:38+00:00

I made a GET form recently.But the problem is that it is highly vulnerable.You

0

I made a GET form recently.But the problem is that it is highly vulnerable.You can inject your an script as below.

http://mysite.com/processget.phtml?search=<a href="http://google.com">Hacked</a>

I’m able to inject any kind of script into my above URL.I’m actually echoing my GET data using an echo in my BODY,so whenever i enter a malicious script it is being executed in my BODY tag.So now how do i limit this http://mysite.com/processget.phtml?search= to just Number,letters and a few symbols which i want.

For ex.The user should only be able to enter

http://mysite.com/processget.phtml?search=A123123+*$

So can anyof you help me fix this bug.I’m kind of new to PHP,so please explain.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-17T00:02:39+00:00

Editorial Team

2026-05-17T00:02:39+00:00Added an answer on May 17, 2026 at 12:02 am

Strip the tags:

echo strip_tags($_GET['search']);

Actually, you may want htmlspecialchars instead, which escapes the tags instead of removing them so they display as intended:

echo htmlspecialchars($_GET['search']);

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I made a GET form recently.But the problem is that it is highly vulnerable.You

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply