|
|
Posted by Juliette on 02/24/06 19:37
Konrad wrote:
> Hello
> I'm a complete php newbie.
>
> I want now to write a collection of simple scripts, which will be used
> by entire web. I keep it in "scripts.php", now - I'd like it to be
> simple and clear, so I want it to be able to execute commands sent both
> by FORMS ($_POST) and by URL ($_GET).
>
> Let's say, a command would be "mail_to_admin" (and addidtional variable
> would be "message"). To enable the script to read both forms and urls'
> variables I thought about something like this:
>
> ---code---
>
> $command=$_POST['command'];
> //if nothing like this is passed via FORM, then maybe via URL ?:
> if(!$command) $command=$_GET['command'];
>
> if($command=="send_mail_to_admin"){
> //then do something.
> };
>
> ---end of code---
>
> I'd like to do this with every variable. So I can send this when user
> presses "submit" button in a form, AND I can do this by going to:
> scripts.php?command=mail_to_admin&message=SomeMessage
> which is simple to remember, to accomplish etc. (I'm a "Do it once" guy:)
>
> Problem: I've never seen something like this in any script I have -
> althought I haven't seen so many of them :)
>
> Is there something wrong with this approach ?
>
> Konrad.
Sounds inherently insecure to me...
Start by reading some more about PHP security - considering your script,
you best start with security info dealing with the $_POST and $_GET arrays.
Grz, J.
Navigation:
[Reply to this message]
|