Problems with my GET form in PHP

tea_junkie

New Member
I made a GET form recently. But the problem is that it is highly vulnerable. You can inject your own script as below.

[code]http://mysite.com/processget.phtml?search=<a href="http://google.com">Hacked</a>[/code]

I'm able to inject any kind of script into my above URL. I'm actually echoing my GET data using an echo in my BODY, so whenever I enter a malicious script it is being executed in my BODY tag. So now how do I limit this

[code]http://mysite.com/processget.phtml?search=[/code]

to just numbers, letters and a few symbols which I want. For example, the user should only be able to enter

[code]http://mysite.com/processget.phtml?search=A123123+*$[/code]

So can any of you help me fix this bug? I'm kind of new to PHP, so please explain.
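
One way to do what the post asks, shown as an added example that is not part of the original post: check `search` against an allowlist, and HTML-encode the value where it is echoed regardless. The function names and the 64-character limit are assumptions; the allowed symbols are the ones from the post's example URL.

```php
<?php
declare(strict_types=1);

// Added example; function names and the 64-character limit are assumptions.

/** Return $raw if it is 1-64 letters, digits or + * $, otherwise null. */
function validate_search($raw): ?string
{
    // ?search[]=x turns $_GET['search'] into an array, so reject non-strings.
    if (!is_string($raw)) {
        return null;
    }
    // \A and \z anchor the whole value; a bare "$" anchor would also accept
    // a trailing newline. Inside [...] the characters + * $ are literals.
    if (preg_match('/\A[A-Za-z0-9+*$]{1,64}\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

/** Encode a value for an HTML text node or quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the HTML fragment that the page echoes inside BODY. */
function render_result($raw): string
{
    $search = validate_search($raw);
    if ($search === null) {
        return '<p>Invalid search term.</p>';
    }
    // Encode even after validation, so a later change to the allowlist
    // cannot reintroduce markup injection.
    return '<p>You searched for: ' . h($search) . '</p>';
}

// Constructed inputs standing in for $_GET['search'] (already URL-decoded).
// PHP decodes a raw "+" in a query string as a space, so a literal plus
// sign has to be sent as %2B to arrive as "+".
$samples = ['A123123+*$', '<a href="http://google.com">Hacked</a>', ['x'], "abc\n"];
foreach ($samples as $s) {
    echo render_result($s), "\n";
}
// In processget.phtml: echo render_result($_GET['search'] ?? null);
```

The output encoding in `h()` is what stops the injected markup from rendering; the allowlist only narrows what the search accepts.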
 