bu2chlc

render page safe from XSS

Nov 16th, 2019
  1. <?php
  2.  
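  // session, formatting, etc.
  include('header.php');

  // Shared connection setup, kept in one file so it is not repeated per page.
  // NOTE(review): assumes db.php creates $conn with mysqli_connect() - confirm.
  include('db.php');

  // Check the connection before it is used: with mysqli exceptions disabled a
  // failed connect leaves no usable handle, and querying or closing it fails.
  // NOTE(review): PHP 8.1+ throws mysqli_sql_exception by default, in which
  // case a failure surfaces inside db.php before this check is reached.
  if (mysqli_connect_errno()) {
    // Details go to the server log only; the page shows a generic message so
    // host names, credentials and SQL text are not disclosed to visitors.
    error_log('Database connection failed: ' . mysqli_connect_error());
    echo 'Unable to load results.';
  } else {
    // Static query with no user input, so there is nothing to bind. Only the
    // two rendered columns are selected; any other column stays in the database.
    $sql = 'SELECT title, url FROM urls';
    $result = mysqli_query($conn, $sql);

    if ($result === false) {
      error_log('Query failed: ' . mysqli_error($conn));
      echo 'Unable to load results.';
    } else {
      $count = mysqli_num_rows($result);
      echo $count . ' results<br>';

      // output data of each row (the loop simply does not run for zero rows)
      while ($row = mysqli_fetch_assoc($result)) {
        // Cast so a NULL column is rendered as an empty string.
        $title = (string) $row['title'];
        $url = (string) $row['url'];

        // Stored values are untrusted: encode at output time. ENT_QUOTES covers
        // both quote styles, the explicit charset removes any dependence on the
        // configured default, and ENT_SUBSTITUTE keeps invalid byte sequences
        // from turning the whole string into an empty result.
        echo htmlentities($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br>';

        // Entity encoding stops a value from breaking out of the quoted src
        // attribute, but it does not constrain what the URL points at. Emit the
        // image only for absolute http(s) URLs; anything else (other schemes,
        // relative paths) is skipped. Relax deliberately if relative URLs are
        // expected in this table.
        if (preg_match('#^https?://#i', $url) === 1) {
          echo '<img src="' . htmlentities($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '" >';
        }
        echo '<hr>';
      }

      mysqli_free_result($result);
    }

    // Closed only on this path, where a connection is known to exist.
    mysqli_close($conn);
  }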
  36.  
  37. ?>