- <?php $_POST['txt'] = htmlspecialchars($_POST['txt'] ?? ''); ?>
- <form method="post">
- <input name="txt" value="<?=$_POST['txt'] ?>" />
- <input type="submit" name="save" value="test" />
- </form>
- 1) Type & into the text field
- 2) Hit the test button once
- 3) When the page completes post back, hit the test button again
- 4) When the page completes post back, view the page source code
- <input value="&" />
- <input value=""" />
- $_POST['txt'] == '&';
- htmlspecialchars('&') == '&'
- txt=&
- txt=&&user=soulmerge&pass=whatever