You are here: Re: question about safe - question no. 2 « PHP Programming Language « IT news, forums, messages
Re: question about safe - question no. 2

Posted by MZ on 09/28/14 12:01

Użytkownik "Jerry Stuckle" <jstucklex@attglobal.net> napisał w wiadomości
news:4YWdnYxNTt_OfAHanZ2dnUVZ_gadnZ2d@comcast.com...
> MZ wrote:
>> Hello!
>>
>> How to prevent from such try of attack of the website?
>>
>>
>> http://www.domain.com/index.php?id=%3Cscript%3Ealert(document.cookie);%3C/script%3E
>> Thank you in advance for help
>> M.
>>
>>
>>
>
> As in your other question, there is no inherent vulnerability in PHP for this.
>
> But this is also javascript, not PHP, and PHP doesn't execute javascript.
>

Yes I knew it is javascript code, but I asked it because if there would be a
problem
so this problem would in PHP.

I also has one more question to you:

If I have parameter which is a number and send it by GET method, i.e.

www.domain.com/index.php?id=1

Can you write me if such PHP protection will be sufficient after generating such
URL:

if ($_GET["id"]>0 && $_GET["id"]<99999999999 && is_numeric($_GET["id"]))
{
//then execute the following code

//checking if there is a record in the database which has id = 1 if so then
executing the rest of the code
}
else
{
not executing code
}

99999999999 is the max value because it is declared as BIGINT(11)

Thank you for your help
M.

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация