-1

I used XAMPP for one PHP page on Windows, but I have a problem.

My code:

<?php 
  if ($row["name"] == null)
  {
    echo $row["name"] = 'no name';
  }
  else
  {
    echo $row["name"]; 
  }
?>

When:

$row["name"] == "<script>alert("HackEd")</script>"

the script runs.

How can I block scripts from running on a PHP page?

1 Answer

0
<?php
$row['name'] =  "<script>alert('HackEd')</script>";
  if ($row["name"] == null)
  {
      echo $row["name"] = 'no name';
  }
  else
  {
      echo $row['name']= preg_replace('#<script(.*?)>(.*?)</script>#is', '', $row['name']);
  }
?>

You can simply remove what's inside your script tags before you echo the value of your $row['name'].

pr1nc3
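
Added example (not part of the question or the answer above): encoding the value for HTML at output time with htmlspecialchars(), compared with the script-tag regex on a few constructed values. The helper names encode_for_html(), display_name() and strip_script_tags() and the sample values are assumptions made for this illustration; the regex leaves markup that has no script tag untouched, while encoding turns every sample into inert text.

```php
<?php
// Added example, not code from the question or the answer.
// encode_for_html() and display_name() are hypothetical helper names.

// Encode a value for an HTML text or quoted-attribute context.
function encode_for_html(string $value): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Same fallback as the question's code, but the stored value is always encoded.
function display_name(?string $name): string
{
    if ($name === null || $name === '') {
        return 'no name';
    }
    return encode_for_html($name);
}

// The answer's approach, kept here only for comparison.
function strip_script_tags(string $value): string
{
    // preg_replace() returns null on a PCRE error, so fall back to ''.
    return preg_replace('#<script(.*?)>(.*?)</script>#is', '', $value) ?? '';
}

// Constructed sample values standing in for $row["name"].
$samples = [
    null,
    'Alice',
    'Tom & Jerry <3',                        // legitimate text with special characters
    "<script>alert('HackEd')</script>",      // value from the question
    '<img src="x" onerror="alert(1)">',      // markup without a script tag
];

foreach ($samples as $name) {
    $stripped = $name === null ? 'no name' : strip_script_tags($name);
    printf("input:    %s\nstripped: %s\nencoded:  %s\n\n",
        var_export($name, true), $stripped, display_name($name));
}
```

Run it from the command line with the php binary that ships with XAMPP; in a page, echo the result of display_name($row["name"]) instead of the raw value.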