yvan-sraka · October 21, 2016 10:01
diff --git a/security_test.php b/security_test.php
 <?php
 // ##### SECURITY #####
 // Convert potential HTML content contain
 // in POST data into HTML Entities
 $_POST['pseudo'] = htmlspecialchars($_POST['pseudo']);
 ?>
 <!DOCTYPE>
 <html>
    <form method="post" action="#">
        <input type="text" name="pseudo" />
        <input type="submit" value="Connexion" />
    </form>
    <div>
        <?php echo "Bonjour ".$_POST['pseudo']." !" ?>
    </div>
 </html>
	<?php
	// ##### SECURITY #####
	// Convert potential HTML content contain
	// in POST data into HTML Entities
	$_POST['pseudo'] = htmlspecialchars($_POST['pseudo']);
	?>
	<!DOCTYPE>
	<html>
	<form method="post" action="#">
	<input type="text" name="pseudo" />
	<input type="submit" value="Connexion" />
	</form>
	<div>
	<?php echo "Bonjour ".$_POST['pseudo']." !" ?>
	</div>
	</html>