QS_TEXT

Jurek Muszyński edited this page Dec 31, 2019 · 1 revision

bool QS_TEXT(const char *param, QSVAL_TEXT variable)

Description

Scans the query string for param and, if found, URI-decodes its value and copies it to variable. For POST, PUT and DELETE methods it assumes the query string is in the payload.

QSVAL_TEXT is just a typedef for a C-style string long enough to hold the value; QS_TEXT performs the length check. By default it is 64 KiB.

Returns

Returns true if param is present in the query string, otherwise false.

Example

QSVAL_TEXT comment;

if ( QS_TEXT("comment", comment) )
    OUT("<div class=comm>%s</div>", comment);

The QS family comes in four SQL- and XSS-injection security flavours:

QS - default - behaviour depends on the QS_DEF_xxx compilation switch (by default it's QS_DEF_HTML_ESCAPE).

QS_HTML_ESCAPE - value is HTML-escaped
QS_SQL_ESCAPE - value is SQL-escaped
QS_DONT_ESCAPE - value is not escaped

And the fifth one:

QS_RAW - value is not URI-decoded
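
The following is an added example, not code from the library: it shows what HTML-escaping a value does before it is written into markup like the div above, and why a fixed-size buffer has to allow for the escaped form being longer than the input. The helper name html_escape, its signature and the sample value are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of the library: HTML-escape src into dst.
   Returns false and leaves dst empty if the escaped value would not fit,
   so a truncated entity or half-escaped value is never emitted. */
bool html_escape(const char *src, char *dst, size_t dst_len)
{
    size_t o = 0;
    if ( dst_len == 0 ) return false;

    for ( ; *src; ++src )
    {
        const char *rep;
        char one[2] = { *src, '\0' };   /* pass-through for ordinary characters */

        switch ( *src )
        {
            case '&':  rep = "&amp;";  break;
            case '<':  rep = "&lt;";   break;
            case '>':  rep = "&gt;";   break;
            case '"':  rep = "&quot;"; break;
            case '\'': rep = "&#39;";  break;
            default:   rep = one;      break;
        }

        size_t n = strlen(rep);
        if ( o + n >= dst_len )         /* keep room for the terminator */
        { dst[0] = '\0'; return false; }
        memcpy(dst + o, rep, n);
        o += n;
    }
    dst[o] = '\0';
    return true;
}

int main(void)
{
    /* Constructed sample: a decoded "comment" value that has not been escaped */
    const char *raw = "<b>Tom & \"Jerry\"</b>";
    char safe[128];

    if ( html_escape(raw, safe, sizeof safe) )
        printf("<div class=comm>%s</div>\n", safe);
    return 0;
}
```

A single input character can become up to six output characters, so the destination must be sized for the escaped form rather than the raw one.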
