code_junkie

php htmlspecialchars() from one form to another

Nov 14th, 2011
<?php
// Guard the first (GET) load, where $_POST['txt'] is not set yet, then escape once.
$_POST['txt'] = htmlspecialchars($_POST['txt'] ?? '');
?>
<form method="post">
<input name="txt" value="<?= $_POST['txt'] ?>" />
<input type="submit" name="save" value="test" />
</form>

1) Type & into the text field
2) Hit the test button once
3) When the post back completes, hit the test button again
4) When the post back completes, view the page source code

<input value="&" />

<input value="&quot" />

$_POST['txt'] == '&';
htmlspecialchars('&') == '&amp;'

txt=&

txt=&&user=soulmerge&pass=whatever
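Added example, not part of the paste: a self-checking PHP script that reproduces the two contexts the notes above contrast (the input attribute, where htmlspecialchars() is the right tool, and the query string, where it is not). The helpers attrEscape(), simulatePostbacks() and check() and the constructed query value are the example's own.

```php
<?php
// Added example (not code from the paste). It reproduces the two contexts the
// notes above contrast: an HTML attribute, where htmlspecialchars() is the right
// tool, and a query string, where it is not. All inputs are constructed.

// HTML attribute context. ENT_QUOTES also covers single-quoted attributes.
function attrEscape(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The repeat-postback test from the notes: the page emits the escaped value and
// the browser decodes the attribute before resubmitting, so the escaped form
// stays at one &amp; however often the test button is pressed.
function simulatePostbacks(string $typed, int $times): string {
    $posted = $typed;
    for ($i = 0; $i < $times; $i++) {
        $attr   = attrEscape($posted);                             // what the page outputs
        $posted = html_entity_decode($attr, ENT_QUOTES, 'UTF-8'); // what the browser posts back
    }
    return attrEscape($posted);
}

function check(bool $ok, string $what): void {
    if (!$ok) {
        throw new RuntimeException("unexpected result: $what");
    }
}
check(simulatePostbacks('&', 2) === '&amp;', 'still a single &amp; after two postbacks');

// Double encoding appears only when an already-escaped string is escaped again,
// e.g. the stored value is the &amp; form and output escapes it once more;
// the double_encode=false argument leaves existing entities alone.
check(attrEscape('&amp;') === '&amp;amp;', 'escaping twice double-encodes');
check(htmlspecialchars('&amp;', ENT_QUOTES, 'UTF-8', false) === '&amp;', 'double_encode=false');

// Query-string context, the last line of the notes. A raw & is a separator, so
// a value containing & and = is parsed as extra parameters.
$smuggled = '&&user=soulmerge&pass=whatever';           // constructed to match the paste
$naive = 'txt=' . $smuggled;                            // equals the paste's last line
parse_str($naive, $parsedNaive);
check($parsedNaive === ['txt' => '', 'user' => 'soulmerge', 'pass' => 'whatever'],
      'raw & lets user= and pass= through as separate parameters');

// http_build_query() percent-encodes & and = inside the value, so the receiving
// side sees one parameter with the original text intact.
$safe = http_build_query(['txt' => $smuggled]);         // txt=%26%26user%3Dsoulmerge%26pass%3Dwhatever
parse_str($safe, $parsedSafe);
check($parsedSafe === ['txt' => $smuggled], 'percent-encoded value survives as one parameter');
echo "all checks passed\n";
```

Run it with php on the command line; any check that fails throws, so a clean "all checks passed" confirms the behaviour described in the notes.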