Question: Is the following PHP code vulnerable to XSS attacks, and why? Rewrite this code to prevent XSS attacks

Is the following PHP code vulnerable to XSS attacks, and why? Rewrite this code to prevent XSS attacks

$servername = "localhost";

$username = "me";

$password = "!myPa$$";

$dbname = "mydb";

if(isset($_POST["uname"], $_POST["upass"])) {

$conn = new mysqli($servername, $username, $password, $dbname);

if (!$conn->connect_error) {

die("Connection failed: " . $conn->connect_error);

}

$query = "select * from user where uname='$_POST[uname]' AND upass='$_POST[upass]'";

$result = $conn->query($query);

}

?>

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

Appendices Code of welcome.php //contains code to connect to MySQL database Comments/ Message: Click here to logout 5 http://www.xsslabelgg.com/action/friends/add?friend=40&__elgg_ts=1402467511...

Q:

There are two problems due this week (each worth 35 points) as follows. Case 5-1David L. Miller: Portrait of a White-Collar Criminal (page 144). In comprehensive paragraphs, answerrequirements 1?6....

Q:

Which listed statements are true Web fingerprinting is based solely on the User - Agent header sent by a browser. WebAuthn provides stronger protection against phishing attacks compared to...

Q:

Which listed statements are true Web fingerprinting is based solely on the User - Agent header sent by a browser. WebAuthn provides stronger protection against phishing attacks compared to...

Q:

WASF Which statements on web applications security are true Common techniques for mitigating Cross - Site Scripting attacks include input validation, output encoding, and Content Security Policy. The...

Q:

youll be creating a vulnerable web application that is susceptible to a XSS attack. XSS attacks are very common out there so I am sure you can find plenty of discussion about it with a Google search....

Q:

Which of these statements are correct In a Forward Secrecy cipher, if attackers are able to access encrypted traffic they will not be able to decode it without the session key, which is discarded...

Q:

. Which listed statements are wasf Web fingerprinting is based solely on the User - Agent header sent by a browser. WebAuthn provides stronger protection against phishing attacks compared to...

Q:

Objective: To create a PHP web application that: Collects user data through an HTML form. Validates user input on the server - side using PHP . Stores validated data in a text file. Retrieves and...

Q:

Which following listed statements are correct The rate of success of a brute force attack does not directly depend on the complexity of the password being tested. The best way to protect against XSS...

Q:

USA Today reported a survey made by Nationwide Mutual Insurance that indicated the average amount of time spent to resolve identity theft cases was slightly more than 88 hours. The file titled Theft...

Q:

On January 1, 2010, the Easton Corporation acquired 30% of the outstanding common shares of Feeley Corporation for $140,000, and 25% of the outstanding common shares of Holmes Company for $82,500 and...

Q:

Please use this adjusted trial balance to create an income statement in multiple step format. I am unsure if tax amount is right. The tax rate for the company is 4 0 % . The income tax expense listed...

Q:

Samuel Corporation is owned eighty percent (80%) by Helen and twenty percent (20%) by Freddie who are unrelated to each other. Pursuant to a Complete Liquidation, Samuel Corporation distributed Land...

Q:

Select suitable tools to analyze service problems.

Q:

1. How does marketing cars differ from marketing service for those same vehicles?

Q:

Understand what is required for moving a service firm from service loser to service leader.