web漏洞实训平台DVWA,方便网络安全方向练习
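// Guestbook submission handler from the DVWA training application: when the
// form's "btnSign" button was used, it stores the posted name and message in the
// guestbook table.
//
// NOTE(review): mysql_real_escape_string(), mysql_query() and mysql_error()
// belong to the ext/mysql extension, which was removed in PHP 7.0. When porting,
// bind $message and $name as parameters of a mysqli or PDO prepared statement
// instead of escaping them into the SQL text.
// NOTE(review): nothing in this block checks an anti-CSRF token or limits field
// length; confirm whether the including page does.
if (isset($_POST['btnSign'])) {
    // Accept only string fields. A missing field or an array-valued one
    // (e.g. mtxMessage[]=x) is treated as empty instead of being passed to trim().
    $message = (isset($_POST['mtxMessage']) && is_string($_POST['mtxMessage']))
        ? trim($_POST['mtxMessage'])
        : '';
    $name = (isset($_POST['txtName']) && is_string($_POST['txtName']))
        ? trim($_POST['txtName'])
        : '';

    // Sanitize message input
    // stripslashes() also removes backslashes the user really typed; it is a
    // magic_quotes-era step, kept so the stored data stays the same.
    $message = stripslashes($message);
    // HTML-encode before storage so the value is inert when echoed into element
    // content. NOTE(review): with the default flags on PHP < 8.1 single quotes
    // are not encoded, so the stored value must not be written into a
    // single-quoted attribute. Encoding again at output time is still advisable.
    $message = htmlspecialchars($message);
    // SQL-escape as the very last transformation, so the text interpolated into
    // the query is exactly what the escaping function produced.
    $message = mysql_real_escape_string($message);

    // Sanitize name input (same three steps, same order)
    $name = stripslashes($name);
    $name = htmlspecialchars($name);
    $name = mysql_real_escape_string($name);

    $query = "INSERT INTO guestbook (comment,name) VALUES ('$message','$name');";

    $result = mysql_query($query);
    if ($result === false) {
        // Keep the driver's error text server-side: it can reveal table and
        // column names, and it was previously written into the page unescaped.
        error_log('guestbook insert failed: ' . mysql_error());
        die('<pre>Unable to save the guestbook entry.</pre>');
    }
}

?>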