show support for other sites engaging questionable but otherwise mundane destinations; but either way,
you probably want to make sure you don’t advocate any of the above without actually knowing it.
Here is an example of code before and after the proper escaping practice. First, here’s the version that
doesn’t use a proper escaping technique:
<?php
// don't try this at home
echo 'Your query for ' .
$_GET['parameter'] .
' has no results.';
?>
And here’s the version that correctly escapes the input data:
<?php
// proper escaping technique
echo 'Your query for ' .
htmlspecialchars($_GET['parameter']) .
' has no results.';
?>
The following short exercise illustrates the difference.
Escaping Input Data
All the exercises assume that you have configured your machine as described in Chapter 1. Visit http://www.seoegghead.com/seo-with-php-updates.html for updates related to this code.
1. In your seophp folder, create a script named param_no_escape.php and type this code:
<?php
// don't try this at home
echo 'Your query for ' .
$_GET['parameter'] .
' has no results.';
?>
2. Create a new script named param_escape.php with this code:
<?php
// proper escaping technique
echo 'Your query for ' .
htmlspecialchars($_GET['parameter']) .
' has no results.';
?>
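As an added example that is not the book's own code, here is the escaping helper I would use in place of a bare htmlspecialchars() call, runnable from the command line without a web server; the function names and the sample inputs are my own, and it also shows the invalid-UTF-8 edge case the book does not mention.

```php
<?php
// Added example (not the book's code): an escaping helper with the flags a
// practitioner would want, runnable from the command line as
// `php escape_demo.php`. Function names and sample inputs are my own.
declare(strict_types=1);

// Escape text for an HTML text node or a quoted attribute value.
// ENT_QUOTES also converts single quotes (the pre-8.1 default left them alone);
// ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD instead of returning ''.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The chapter's message, built the safe way.
function query_message(string $parameter): string
{
    return 'Your query for ' . h($parameter) . ' has no results.';
}

// Constructed inputs: plain text, markup, both quote styles, and a string
// that is not valid UTF-8 (a lone lead byte).
$inputs = [
    'plain'   => 'seo php',
    'markup'  => '<b>bold</b>',
    'quotes'  => "it's \"quoted\"",
    'badutf8' => "caf\xC3",
];

foreach ($inputs as $label => $input) {
    printf("%-8s %s\n", $label, query_message($input));
}

// Caveat worth knowing: without ENT_SUBSTITUTE, invalid UTF-8 makes
// htmlspecialchars() return an empty string, so the parameter silently
// disappears from the page instead of being rendered.
$silent = htmlspecialchars($inputs['badutf8'], ENT_QUOTES, 'UTF-8');
echo ($silent === '' ? 'without ENT_SUBSTITUTE: empty string' : 'unexpected') . "\n";
```

Wire the same h() helper into param_escape.php in place of the bare htmlspecialchars() call to get the stricter behaviour on a live request.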
We cannot stress enough that this is a major problem that is largely ignored. You
must fix your vulnerable sites, or someone else will eventually make you fix it.
Chapter 8: Black Hat SEO