niche Posted August 16, 2012 (edited)

I am simulating an attack and I can't figure out why htmlspecialchars() is causing a parse error as in:

$char = htmlspecialchars("while (1) alert ("Gotcha!");",ENT_COMPAT);

birbal Posted August 16, 2012

"while (1) alert ("Gotcha!");"

PHP can't decide which double quotes are for the literal value. You need to escape the inside quotes to treat them as a literal value:

"while (1) alert (\"Gotcha!\");"

niche Posted August 16, 2012

Thanks birbal but I was experimenting with different character combinations that a user might use accidentally or on purpose. I've never looked specifically at how dbl quotes work their way through PHP as a form input or a hack. I just assumed they'd be processed. I know I should've known better. They don't work for me without escaping. Obviously they won't work for a user for the same reason. I did discover that unescaped dbl and single quotes as a form input results in no data being placed in a table. I didn't know that explicitly. I suppose that counts as a problem solved even though it wasn't ever a problem. I'll just count the last hour towards my 10,000. Am I there yet? lol
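
An added example, not from the thread or any poster: it separates the two cases discussed above, quotes in a PHP source literal versus quotes in form input at run time, and follows the input through the storage and output boundaries. Assumptions: `$input` is a constructed stand-in for `$_POST` data, the `comments` table and the concatenated query are hypothetical, and an in-memory SQLite database through PDO (pdo_sqlite) is available.

```php
<?php
// Added example, not code from the thread.
// Assumptions: $input is a constructed stand-in for $_POST data; the
// `comments` table and the concatenated query are hypothetical.

// 1. Source literals: escape the inner double quotes, or use single quotes
//    around the string. Both lines hold the same value and parse cleanly.
$escaped = "while (1) alert (\"Gotcha!\");";
$single  = 'while (1) alert ("Gotcha!");';
var_dump($escaped === $single);

// 2. Runtime data: quotes inside a submitted value never reach the PHP
//    parser, so they cause no parse error. They matter at the output and
//    storage boundaries instead.
$input = 'while (1) alert ("Gotcha!"); it\'s here';

// Output boundary: ENT_COMPAT encodes double quotes only, ENT_QUOTES
// encodes single quotes as well (needed inside single-quoted attributes).
echo htmlspecialchars($input, ENT_COMPAT, 'UTF-8'), "\n";
echo htmlspecialchars($input, ENT_QUOTES, 'UTF-8'), "\n";

// Storage boundary: in-memory SQLite via PDO (assumes pdo_sqlite is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (body TEXT)');

// Weak: the value is pasted into the SQL text, so its single quote ends the
// SQL string early and the statement is rejected; no row is stored.
try {
    $db->exec("INSERT INTO comments (body) VALUES ('" . $input . "')");
} catch (PDOException $e) {
    echo 'concatenated INSERT failed: ', $e->getMessage(), "\n";
}

// Corrected: a bound parameter keeps the value out of the SQL text, so the
// quotes are stored as ordinary characters.
$stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $input]);

$stored = $db->query('SELECT body FROM comments')->fetchColumn();
var_dump($stored === $input);

// Encode when rendering the stored value into HTML, not before storing it.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```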