How can we secure the URL from: /Contact-Us.php to: /Contact-Us.php/">

Question

How can we secure the URL from:

/Contact-Us.php to:

/Contact-Us.php/"><script>alert(48)</script>

This script is added to form input.

<input type="text" style="display:none;" name='nameDa' value="<?php echo $_SERVER['REQUEST_URI']; ?> >

AFTER USING THE filter_var($_SERVER['SERVER_NAME'], FILTER_VALIDATE_URL); FILTER PROBLEM GOT RESOLVED.

Possible duplicate of [Secure XSS cleaning function (updated regularly)](https://stackoverflow.com/questions/6382442/secure-xss-cleaning-function-updated-regularly) — miken32, Nov 27 '18 at 18:36

score 0 · Answer 1 · answered Nov 27 '18 at 11:55

0

Escape the characters.

Best solution, in my opinion is:

echo htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false);
// &lt;script&gt; alert(44)&lt;/script&gt;

answered Nov 27 '18 at 11:55

Unamata Sanatarai

How can we identify script tags in the URL. So that we can show some error page. – Voolapati Manohar Nov 27 '18 at 12:49
Also my .css files are not working on this page. /Contact-Us.php/"> – Voolapati Manohar Nov 27 '18 at 13:39

How can we secure the URL from: /Contact-Us.php to: /Contact-Us.php/">alert(48)