I am a newbie to PHP, but I know the concepts of SQL injection, header injection and a lot of that injection stuff.
Well, I wrote this simple script:
<body>
<?php
$nome = $_GET['nome'];
print $nome;
?>
</body>
http://myserver/index.php?nome=test'test
The result was:
test\'test
I didn't apply any filter, but something was putting that "\" before the quotation mark.
It also cut off the <script> tag when I tried to insert it.
What is applying this protection? PHP? Apache?
I am running WAMP 1.7.4, with PHP version 5.2.3 and Apache 2.2.4.
Thanks!