OK, so here is my HTML form (POST + redirect). It isn't posting:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">
<!-- XHTML ADVANCED -->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Find Hotels</title>
<style type="text/css">
a:visited {color:#e27023; }
.duksai {margin-right:10px; font-size:12pt; margin-left:58px; font-family:arial; }
.ifivmjg {margin-right:10px; font-size:14pt; margin-left:20px; font-family:arial; font-weight:bold; }
body {color:#000; width:640px; font-family:arial; margin:0 auto; }
.ijvdpgk {padding-top:10px; }
.dropDownValuesText1 {font-size:12pt; margin-left:10px; font-family:arial; }
.marginLeftRight10px {margin-right:10px; margin-left:10px; }
a:link {color:#d74119; }
.famvote {margin-right:10px; padding-top:5px; text-align:right; font-size:11pt; margin-left:10px; font-family:arial; }
.headerRightButton {text-align:right; margin:5px; }
.ngcwmjg {margin-right:10px; font-size:14pt; margin-left:25px; font-family:arial; font-weight:bold; }
.header {height:45px; width:640px; background-color:white; }
a:active {color:#ffe2b0; }
.onhqbwf {color:#8E8077; text-align:center; width:640px; font-size:10px; font-family:arial; }
.umoanjg {margin-right:10px; font-size:14pt; margin-left:10px; font-family:arial; font-weight:bold; }
.pgrvmh {margin-right:10px; font-size:12pt; margin-left:28px; font-family:arial; }
.fwmduhg {display:none; }
.luadegf {height:34px; width:249px; margin-left:40px; border:0; }
.etqkskk {border-top-style:solid; padding-top:3px; height:24px; text-align:center; font-size:12px; background-color:#EFEFEF; border-color:#CDC5C0; font-family:arial; border-width:1px; padding-bottom:3px; }
.vbjanh {margin-right:10px; font-size:12pt; margin-left:10px; font-family:arial; }
.hhsrkom {width:640px; }
.Label {font-size:14pt; margin-left:10px; font-family:arial; font-weight:bold; }
.lghspdf {text-align:right; width:65%; }
img {border:0; }
.oaoftwj {margin:0px; padding:0px; }
a:hover {color:#ffe2b0; }
.gwlmmic {text-align:center; width:320px; }
</style><meta name="description" content="Find Hotels"/>
</head>
<body class="oaoftwj">
<table class="header">
<tr>
<td></td>
</tr>
<tr>
<td class="lghspdf">
<img src="http://prodcache.internal.ihg.com/content/dam/mobile/6c/en/us/intercontinental-hotels-group.jpg" alt="Brand Logo" width="76" height="45"/>
</td>
<td class="headerRightButton">
<a href="http://www.ichotelsgroup.com/wireless/6c/us/en/home.action"><img src="http://prodcache.internal.ihg.com/content/dam/mobile/6c/en/us/btn_med_return-to-search.gif" alt="Home" width="70" height="17"/></a>
</td>
</tr>
</table>
<!-- TextBlock -->
<div class="etqkskk">
For Reservations:<a href="tel:+448000839876" >
44 800 083 9876</a><br />
</div>
<!-- TextBlock -->
<div class="ijvdpgk">
</div>
<!-- TextBlock -->
<div class="famvote">
* Indicates required field
</div>
<form action="functions.php" method="post">
<div>
<input type="hidden" name="country" value="GBR" />
<input type="hidden" name="city" value="SWINDON" /><br />
<span class="umoanjg">Check-In Date *</span><br />
<select class="vbjanh" name="checkinDay" title="">
<option value="1" >1</option>
<option value="2" >2</option>
<option value="3" >3</option>
<option value="4" >4</option>
<option value="5" >5</option>
<option value="6" >6</option>
<option value="7" >7</option>
<option value="8" >8</option>
<option value="9" >9</option>
<option value="10" >10</option>
<option value="11" >11</option>
<option value="12" >12</option>
<option value="13" >13</option>
<option value="14" >14</option>
<option value="15" >15</option>
<option value="16" >16</option>
<option value="17" selected="selected">17</option>
<option value="18" >18</option>
<option value="19" >19</option>
<option value="20" >20</option>
<option value="21" >21</option>
<option value="22" >22</option>
<option value="23" >23</option>
<option value="24" >24</option>
<option value="25" >25</option>
<option value="26" >26</option>
<option value="27" >27</option>
<option value="28" >28</option>
<option value="29" >29</option>
<option value="30" >30</option>
<option value="31" >31</option>
</select>
<select class="vbjanh" name="checkinMonthYear" title="">
<option value="092010" selected="selected">October 2010</option>
<option value="102010" >November 2010</option>
<option value="112010" >December 2010</option>
<option value="002011" >January 2011</option>
<option value="012011" >February 2011</option>
<option value="022011" >March 2011</option>
<option value="032011" >April 2011</option>
<option value="042011" >May 2011</option>
<option value="052011" >June 2011</option>
<option value="062011" >July 2011</option>
<option value="072011" >August 2011</option>
<option value="082011" >September 2011</option>
</select>
<br />
<br />
<span class="umoanjg">Check-Out Date *</span><br />
<select class="vbjanh" name="checkoutDay" title="">
<option value="1" >1</option>
<option value="2" >2</option>
<option value="3" >3</option>
<option value="4" >4</option>
<option value="5" >5</option>
<option value="6" >6</option>
<option value="7" >7</option>
<option value="8" >8</option>
<option value="9" >9</option>
<option value="10" >10</option>
<option value="11" >11</option>
<option value="12" >12</option>
<option value="13" >13</option>
<option value="14" >14</option>
<option value="15" >15</option>
<option value="16" >16</option>
<option value="17" >17</option>
<option value="18" selected="selected">18</option>
<option value="19" >19</option>
<option value="20" >20</option>
<option value="21" >21</option>
<option value="22" >22</option>
<option value="23" >23</option>
<option value="24" >24</option>
<option value="25" >25</option>
<option value="26" >26</option>
<option value="27" >27</option>
<option value="28" >28</option>
<option value="29" >29</option>
<option value="30" >30</option>
<option value="31" >31</option>
</select>
<select class="vbjanh" name="checkoutMonthYear" title="">
<option value="092010" selected="selected">October 2010</option>
<option value="102010" >November 2010</option>
<option value="112010" >December 2010</option>
<option value="002011" >January 2011</option>
<option value="012011" >February 2011</option>
<option value="022011" >March 2011</option>
<option value="032011" >April 2011</option>
<option value="042011" >May 2011</option>
<option value="052011" >June 2011</option>
<option value="062011" >July 2011</option>
<option value="072011" >August 2011</option>
<option value="082011" >September 2011</option>
</select>
<br />
<br />
<span class="umoanjg">Adults</span><span class="ifivmjg">Children</span><span class="ngcwmjg">Rooms</span><br />
<select class="vbjanh" name="numAdults" title="">
<option value="1" >1</option>
<option value="2" >2</option>
<option value="3" >3</option>
<option value="4" >4</option>
<option value="5" >5</option>
<option value="6" >6</option>
<option value="7" >7</option>
<option value="8" >8</option>
<option value="9" >9</option>
<option value="10" >10</option>
<option value="11" >11</option>
<option value="12" >12</option>
<option value="13" >13</option>
<option value="14" >14</option>
<option value="15" >15</option>
<option value="16" >16</option>
<option value="17" >17</option>
<option value="18" >18</option>
<option value="19" >19</option>
<option value="20" >20</option>
</select>
<select class="pgrvmh" name="numChildren" title="">
<option value="0" >0</option>
<option value="1" >1</option>
<option value="2" >2</option>
<option value="3" >3</option>
<option value="4" >4</option>
<option value="5" >5</option>
<option value="6" >6</option>
<option value="7" >7</option>
<option value="8" >8</option>
<option value="9" >9</option>
<option value="10" >10</option>
<option value="11" >11</option>
<option value="12" >12</option>
<option value="13" >13</option>
<option value="14" >14</option>
<option value="15" >15</option>
<option value="16" >16</option>
<option value="17" >17</option>
<option value="18" >18</option>
<option value="19" >19</option>
<option value="20" >20</option>
</select>
<select class="duksai" name="numRooms" title="">
<option value="1" >1</option>
<option value="2" >2</option>
<option value="3" >3</option>
<option value="4" >4</option>
<option value="5" >5</option>
<option value="6" >6</option>
<option value="7" >7</option>
<option value="8" >8</option>
<option value="9" >9</option>
</select>
<br />
<br />
<span class="Label">Sort Results By</span><br />
<select class="dropDownValuesText1" name="sortByParam" title="">
<option value="BRAND_SORT" selected="selected">Brand</option>
<option value="DISTANCE_SORT" >Distance</option>
</select>
<br />
<br />
<input type="hidden" name="fromGeoLocation" value="false"/><input type="hidden" name="backURL" value="/wireless//6c/us/en/searchForm.action"/><br />
<span class="luadegf"><input type="image" name="Find a Hotel" src="http://prodcache.internal.ihg.com/content/dam/mobile/6c/en/us/btn_lrg_find-a-hotel.gif" alt='Find a Hotel'/></span>
</div>
</form>
<table class="onhqbwf">
<tr>
<td></td><td></td><td></td>
</tr>
<tr>
<td class="gwlmmic">
<a href="http://www.ichotelsgroup.com/wireless/6c/us/en/coremetric.action?hrefValue=http%3A%2F%2Fwww.ichotelsgroup.com%2Fh%2Fd%2F6c%2F1%2Fen%2Fhome%3FmobileSite%3Dtrue&linkName=full_html" >
View Full Website</a>    <a href="/wireless/6c/us/en/truste.action"><img src="http://prodcache.internal.ihg.com/content/dam/mobile/6c/en/truste_certified_privacy.gif" alt="TRUSTe" width="88" height="25"/></a>    <a href="/wireless/6c/us/en/terms.action" >
Terms of Use</a>
</td>
</tr>
<tr>
<td class="hhsrkom">
©2001-2010 InterContinental Hotels Group (IHG).<br />All Rights Reserved. IHG Proprietary Information.
</td>
</tr>
</table>
<span class="fwmduhg"><img src="/wireless/ga.jsp?utmac=MO-1237384-24&utmn=1803370972&utmr=-&utmp=%2Fwireless%2Fjsp%2Fhotel_search.jsp&guid=ON" alt=""/></span>
</body>
</html>
Here is the PHP that takes the form POST and redirects to another page. But it doesn't seem to post the data correctly. What am I doing wrong?
<?php
// An image button is submitted as "<name>.x" and "<name>.y", and PHP rewrites
// spaces and dots in parameter names to underscores, so the button named
// "Find a Hotel" arrives as Find_a_Hotel_x / Find_a_Hotel_y.
$FindAHotel = (isset($_POST['Find_a_Hotel_x'])) ? TRUE : FALSE;
$country = (isset($_POST['country'])) ? strip_tags($_POST['country']) : FALSE;
$city = (isset($_POST['city'])) ? strip_tags($_POST['city']) : FALSE;
$checkinDay = (isset($_POST['checkinDay'])) ? strip_tags($_POST['checkinDay']) : FALSE;
$checkinMonthYear = (isset($_POST['checkinMonthYear'])) ? strip_tags($_POST['checkinMonthYear']) : FALSE;
$checkoutDay = (isset($_POST['checkoutDay'])) ? strip_tags($_POST['checkoutDay']) : FALSE;
$checkoutMonthYear = (isset($_POST['checkoutMonthYear'])) ? strip_tags($_POST['checkoutMonthYear']) : FALSE;
$numAdults = (isset($_POST['numAdults'])) ? strip_tags($_POST['numAdults']) : FALSE;
$numChildren = (isset($_POST['numChildren'])) ? strip_tags($_POST['numChildren']) : FALSE;
$numRooms = (isset($_POST['numRooms'])) ? strip_tags($_POST['numRooms']) : FALSE;
$sortByParam = (isset($_POST['sortByParam'])) ? strip_tags($_POST['sortByParam']) : FALSE;
$fromGeoLocation = (isset($_POST['fromGeoLocation'])) ? strip_tags($_POST['fromGeoLocation']) : FALSE;
$backURL = (isset($_POST['backURL'])) ? strip_tags($_POST['backURL']) : FALSE;
session_start();
// Test isset() first; reading an unset session key would raise a notice.
if (!isset($_SESSION['optIn']) || $_SESSION['optIn'] == 0)
{
header("Location: http://www.ichotelsgroup.com/wireless/ex/us/en/rates.action?mnemonic=SWICC&navigationFlag=true&hotelAvailable=true");
exit; // stop here, otherwise the form below is still sent along with the redirect
}
else {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<script type="text/javascript">
function submitForm(){
document.myForm.submit(); // the form below is named "myForm"
}
</script>
</head>
<body onload="submitForm()">
<form method="post" action="http://www.ichotelsgroup.com/wireless/ex/us/en/search.action" name="myForm" id="myForm">
<input type="hidden" name="country" value="<?php echo($country); ?>" />
<input type="hidden" name="city" value="<?php echo($city); ?>" />
<input type="hidden" name="checkinDay" value="<?php echo($checkinDay); ?>" />
<input type="hidden" name="checkinMonthYear" value="<?php echo($checkinMonthYear); ?>" />
<input type="hidden" name="checkoutDay" value="<?php echo($checkoutDay); ?>" />
<input type="hidden" name="checkoutMonthYear" value="<?php echo($checkoutMonthYear); ?>" />
<input type="hidden" name="numAdults" value="<?php echo($numAdults); ?>" />
<input type="hidden" name="numChildren" value="<?php echo($numChildren); ?>" />
<input type="hidden" name="numRooms" value="<?php echo($numRooms); ?>" />
<input type="hidden" name="sortByParam" value="<?php echo($sortByParam); ?>" />
<input type="hidden" name="fromGeoLocation" value="<?php echo($fromGeoLocation); ?>" />
<input type="hidden" name="backURL" value="<?php echo($backURL); ?>" />
<input type="hidden" name="Find a Hotel" value="<?php echo($FindAHotel); ?>" />
</form>
<script type='text/javascript'>document.myForm.submit();</script>
</body>
</html>
<?php }
?>
Thanks so much in advance.
Echoing the raw values is a *huge* XSS security problem, because you output unescaped user-supplied values into HTML. Please use 'htmlspecialchars()' in all of the 'value="<?php echo ... ?>"' calls, and basically anywhere else you output data into HTML. – Tomalak 2010-10-18 09:35:20
Indeed. Using 'strip_tags()' is **not enough** to protect you, especially since you are inserting into attribute values, where only the quote character breaks out of the context. Drop 'strip_tags()' at the input stage (it is the wrong thing to do) and use 'htmlspecialchars()' at the output stage instead. To cut down on typing, define a shortcut function 'h()' that does 'echo htmlspecialchars()'. – bobince 2010-10-18 10:00:39
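The two comments above are right, and the following added example (my own code, not the question's and not the commenters') makes the point concrete. It builds the same hidden input the question echoes, once with the question's strip_tags()-then-echo pattern and once through a h() shortcut as bobince suggests, feeds both a constructed attacker value, and parses the results with DOMDocument to show which attributes the browser would actually see. It also adds an allow-list validator for the fixed option values the form sends, which is the right job for the input stage. Function names other than h() and the constant PAYLOAD are my own; the accesskey/onclick pair is the classic vector for a hidden input in browsers that honour accesskey on hidden fields, and in any visible element the injected attributes would fire directly.

```php
<?php
// Added example for this thread; it is not code from the question or from
// Tomalak's or bobince's comments. It shows why strip_tags() on input does
// not stop attribute-context XSS, the output-stage htmlspecialchars() fix
// behind the h() shortcut bobince suggests, and allow-list validation for
// the fixed option values the form actually sends. Function names other
// than h() are my own. Run with: php xss_demo.php
declare(strict_types=1);

// Constructed attacker-controlled value, as it could arrive in $_POST['city']
// from a hand-crafted request rather than from the real form. It contains
// no "<", so strip_tags() returns it unchanged.
const PAYLOAD = 'SWINDON" accesskey="x" onclick="alert(document.cookie)';

// The pattern from the question: "sanitise" on input, echo raw on output.
function hiddenInputVulnerable(string $name, string $value): string
{
    $value = strip_tags($value);
    return '<input type="hidden" name="' . $name . '" value="' . $value . '" />';
}

// Output-stage escaping. ENT_QUOTES encodes ' as well as ", so the result is
// safe in single- or double-quoted attributes; ENT_SUBSTITUTE keeps
// htmlspecialchars() from returning "" on invalid UTF-8 and silently
// dropping the value.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function hiddenInputSafe(string $name, string $value): string
{
    return '<input type="hidden" name="' . h($name) . '" value="' . h($value) . '" />';
}

// Parse a fragment the way a browser does and list the attribute names of
// the first <input>, to show what the markup really contains.
function inputAttributes(string $html): array
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// The forwarded fields only take values from fixed <option> lists, so the
// input stage should reject anything else instead of "cleaning" it.
// Returns the validated fields, or null if any is missing or out of range.
// Keys not in the rule list are ignored.
function validateSearchFields(array $post): ?array
{
    $day = '/^(?:[1-9]|[12]\d|3[01])$/';
    $monthYear = '/^(?:0\d|1[01])\d{4}$/';   // zero-based month + year, e.g. 092010
    $rules = [
        'checkinDay'        => $day,
        'checkoutDay'       => $day,
        'checkinMonthYear'  => $monthYear,
        'checkoutMonthYear' => $monthYear,
        'numAdults'         => '/^(?:[1-9]|1\d|20)$/',
        'numChildren'       => '/^(?:\d|1\d|20)$/',
        'numRooms'          => '/^[1-9]$/',
        'sortByParam'       => '/^(?:BRAND_SORT|DISTANCE_SORT)$/',
    ];
    $clean = [];
    foreach ($rules as $field => $re) {
        if (!isset($post[$field]) || !is_string($post[$field]) || !preg_match($re, $post[$field])) {
            return null;
        }
        $clean[$field] = $post[$field];
    }
    return $clean;
}

$bad  = hiddenInputVulnerable('city', PAYLOAD);
$good = hiddenInputSafe('city', PAYLOAD);
echo $bad, "\n";
print_r(inputAttributes($bad));
echo $good, "\n";
print_r(inputAttributes($good));

$ok = ['checkinDay' => '17', 'checkoutDay' => '18', 'checkinMonthYear' => '092010',
       'checkoutMonthYear' => '092010', 'numAdults' => '2', 'numChildren' => '0',
       'numRooms' => '1', 'sortByParam' => 'BRAND_SORT'];
var_dump(validateSearchFields($ok) !== null);
var_dump(validateSearchFields(['checkinDay' => '32'] + $ok));
```

Running it shows the vulnerable tag parsing with accesskey and onclick as attributes of their own, while the escaped tag parses with only type, name and value, and the browser decodes the &quot; entities back to a literal quote when it reads the value, so the data forwarded to search.action is unchanged. The validator makes the strip_tags() calls in the question unnecessary: a value that is not one of the expected option values is rejected outright rather than "cleaned" and passed on.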