modern-web-design-and-development

(Brent) #1

Forms can be sent by two methods: GET adds all of the parameters to the
URI visibly in the address bar, whereas POST sends them “under the hood.”
POST also allows you to send much more data. This is a simplification but
all you need to know for now.

If the script that adds to the database doesn’t check that the form was
really sent from your server, I could add an image to any website by doing
this:

Anybody coming to my website would now be putting another comment
into your database. I could use an image or CSS link or script or anything
that allows for a URI to be defined and loaded by a browser when the
HTML renders. In CSS, this could be a background image.
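
The server-side check the passage says is missing, shown as an added example that is not code from the book: a comment handler before and after it verifies that the request came from a form your own server rendered. The function names, the `csrf_token` field and the in-memory list standing in for the database are assumptions made for illustration.

```python
import hmac
import secrets

def issue_token(session):
    """Store a random per-session token; the real form carries it in a hidden field."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]

def add_comment_unchecked(method, params, db):
    """'Before': writes on any request, including a GET fired by an image load."""
    db.append(params.get("comment", ""))
    return 200

def add_comment_checked(method, params, session, db):
    """'After': writes only for a POST that carries this session's token."""
    if method != "POST":
        return 405  # image, CSS and script loads are GET requests
    expected = session.get("csrf_token", "")
    supplied = params.get("csrf_token", "")
    # Constant-time comparison; an empty expected token never matches
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403  # the form was not rendered by our server for this session
    db.append(params.get("comment", ""))
    return 200

def demo():
    """Run constructed requests through both handlers and return the outcomes."""
    session, db_before, db_after = {}, [], []
    token = issue_token(session)
    requests = {  # constructed sample requests, not captured traffic
        "embedded_get": ("GET", {"comment": "spam"}),
        "post_without_token": ("POST", {"comment": "spam"}),
        "genuine_form": ("POST", {"comment": "hello", "csrf_token": token}),
    }
    before = {k: add_comment_unchecked(m, p, db_before) for k, (m, p) in requests.items()}
    after = {k: add_comment_checked(m, p, session, db_after) for k, (m, p) in requests.items()}
    return before, after, db_before, db_after

if __name__ == "__main__":
    print(demo())
```

Restricting the handler to POST is not sufficient on its own, because another site can also submit a POST form; the per-session token is what ties the request to a form your server rendered.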
