1. Free hosting has only what they give you.
2. Better, but not necessarily. A decent visitor will leave a message as needed (via my form), and a good hacker will still bypass your $_GET, $_POST, $_COOKIE and $HTTP_REFERER anyway.
3. Length control is performed, but only implicitly, by the database itself (the only thing is that only the message itself can be huge, up to 64Kb).
4. Yes, there is; HtmlSpecialChars was used, I did not use AddSlashes (and this is a big mistake, I admit my fault, see below). With magic_quotes_gpc enabled this problem is not so acute, but the security hole remains (in the control panel).
5. Yes, I agree, it would be possible to cut it out, but the name #[email protected]%#$^%$ is no worse than AF4ETX09T43. There is a hole in the e-mail and url, you can use scripts.
6. I wonder what is not initialized?
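Taking points 2 to 5 above as a checklist, the following is an added example (not the guestbook script the thread discusses, and not the original author's code) of validating the same fields server-side: lengths enforced in PHP rather than by the 64Kb column, the url field restricted to http/https so a script link is rejected, a prepared statement instead of AddSlashes, and htmlspecialchars applied at output time. Field names, the table name and the limits are assumptions.

```php
<?php
// Added example, not the original script. Field names, table name and limits
// are assumed; the limits are enforced here instead of by the database column.
const LIMITS = ['name' => 64, 'email' => 128, 'url' => 255, 'message' => 65535];

/** Returns ['ok' => true, 'data' => [...]] or ['ok' => false, 'errors' => [...]]. */
function validateGuestbookEntry(array $input): array
{
    $data = [];
    $errors = [];
    foreach (LIMITS as $field => $max) {
        $value = trim((string)($input[$field] ?? ''));
        if (strlen($value) > $max) {
            $errors[] = $field;
        }
        $data[$field] = $value;
    }
    if ($data['name'] === '' || $data['message'] === '') {
        $errors[] = 'required';
    }
    // E-mail is optional, but if present it must parse as an address.
    if ($data['email'] !== '' && filter_var($data['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    // URL is optional; only http/https are accepted, so a javascript: link is rejected
    // even though FILTER_VALIDATE_URL alone would let it through.
    if ($data['url'] !== '') {
        $scheme = strtolower((string)parse_url($data['url'], PHP_URL_SCHEME));
        if (filter_var($data['url'], FILTER_VALIDATE_URL) === false
            || !in_array($scheme, ['http', 'https'], true)) {
            $errors[] = 'url';
        }
    }
    return $errors ? ['ok' => false, 'errors' => array_unique($errors)]
                   : ['ok' => true, 'data' => $data];
}

/** Store a validated entry; bound placeholders make AddSlashes/magic_quotes irrelevant. */
function storeEntry(PDO $db, array $data): void
{
    $stmt = $db->prepare('INSERT INTO guestbook (name, email, url, message) VALUES (?, ?, ?, ?)');
    $stmt->execute([$data['name'], $data['email'], $data['url'], $data['message']]);
}

/** Escape when rendering, for every field, including the url and e-mail attributes. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
```

Render with `h()` on every stored field (text and attributes alike); the scheme check at input time is what keeps a `javascript:` value out of the `href`.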
There are a number of interesting tricks, such as protecting against automated input with an image (as on this site): http://www.site/webmast/php/Security-Images-in-PHP/
...
It seems there were no pictures; why complicate the demo. So far I have never seen a guestbook with such protection. As for this site, it is not a guestbook.
Anatomy of XSS Cross-Site Scripting http://www.woweb.ru/index.htm/id/1073393942
Very interesting, thanks.
P.S. If the author would bother to read (and delve into) the articles on this same site, he would understand how unprofessional his work is. It is worth considering the experience of previous authors and, at least, respecting their works: they wrote for you.
Where is there no respect? Sorry if I offended anyone.
As for protection, I advise you to read the first paragraph of the article again. I did not set out to describe a reliable guestbook, but only to show how one can write the simplest guestbook, for those who are just starting to learn CGI, because not everything comes right away; you have to start with something simple. You did not become so smart right away either, you also made mistakes, so let us leave the protection aspects to other articles and other authors.
Yes, in terms of protection this script is unprofessional, and I am not a professional in the field of protection, which is why the first paragraph contains the corresponding disclaimer, which, unfortunately, not everyone has read.
P.S.
Quote: Law "On Copyright and Related Rights", Article 6. Object of copyright. General provisions. 1. Copyright extends to works of science, literature and art which are the result of creative activity, regardless of the purpose and merit of the work, as well as the way it is expressed. You can read the rest here: http://www.febras.ru/~patent/copyright/2_3part2.html, including Article 9, p.1. And it is not up to you to decide whether I use my right or not.
A guestbook can be a great way for your website visitors to leave a permanent record of their presence on your website without being too intrusive. Before you start thinking about the HTML source for a guestbook, you need to decide how you want it to flow and how you want it to look. In this case we will look at a guestbook that places a form for users to sign at the top. Below that there will be a list of all the comments posted by the readers.
The HTML Source Code
The HTML source for our guestbook will consist of a web form and a list of DIV containers which will hold the display for the signed comments. The part of the code that will handle the form is as simple as this.