需要哪些步骤来安全地编码并使用 javascript 从 html href 传递字符串以构建到 php 程序的链接。
在 javascript 中设置 URL
// encodes a URI component.
path = "mypgm.php?from=" + encodeURIComponent(myvar) ;
在 php 中:
// get passed variables
$myvar = isset($_GET['myvar']) ? ($_GET['myvar']) : '';
// decode - (make the string readable)
$myvar = (rawurldecode($myvar));
// converts characters to HTML entities (reduce risk of attack)
$myvar = htmlentities($myvar);
// maybe custom sanitize program as well?
// see [http://stackoverflow.com/questions/2668854/php-sanitizing-strings-to-make-them-url-and-filename-safe][1]
$myvar = sanitize($myvar);