Posted by Konrad on 02/24/06 19:46
Juliette wrote:
> Konrad wrote:
>
>> Hello
>> I'm a complete php newbie.
>>
>> I want now to write a collection of simple scripts, which will be used
>> by entire web. I keep it in "scripts.php", now - I'd like it to be
>> simple and clear, so I want it to be able to execute commands sent
>> both by FORMS ($_POST) and by URL ($_GET).
>>
>> Let's say, a command would be "mail_to_admin" (and additional
>> variable would be "message"). To enable the script to read both forms
>> and urls' variables I thought about something like this:
>>
>> ---code---
>>
>> $command=$_POST['command'];
>> //if nothing like this is passed via FORM, then maybe via URL ?:
>> if(!$command) $command=$_GET['command'];
>>
>> if($command=="send_mail_to_admin"){
>> //then do something.
>> };
>>
>> ---end of code---
>>
>> I'd like to do this with every variable. So I can send this when user
>> presses "submit" button in a form, AND I can do this by going to:
>> scripts.php?command=mail_to_admin&message=SomeMessage
>> which is simple to remember, to accomplish etc. (I'm a "Do it once" guy:)
>>
>> Problem: I've never seen something like this in any script I have -
>> although I haven't seen so many of them :)
>>
>> Is there something wrong with this approach ?
>>
>> Konrad.
>
>
> Sounds inherently insecure to me...
> Start by reading some more about PHP security - considering your script,
> you best start with security info dealing with the $_POST and $_GET arrays.
>
> Grz, J.
>
OK, thanks!
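
An added example, not part of the thread: one way to keep the single `scripts.php` entry point while binding each command to one HTTP method, so a command with a side effect such as `mail_to_admin` cannot be triggered by a URL. The function name `dispatch`, the `csrf_token` field and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Allowlist: each command names the single HTTP method it accepts.
const COMMANDS = [
    'mail_to_admin' => 'POST',   // sends mail, so it must not be reachable by link
];

// Hypothetical dispatcher; the superglobals are passed in so it can be tested.
function dispatch(string $method, array $get, array $post, array $session): string
{
    // Read input only from the array matching the request method,
    // instead of falling back from $_POST to $_GET.
    $input   = $method === 'POST' ? $post : $get;
    $command = $input['command'] ?? '';

    if (!is_string($command) || !array_key_exists($command, COMMANDS)) {
        return 'unknown command';
    }
    if (COMMANDS[$command] !== $method) {
        return 'method not allowed';
    }
    // State-changing request: require the per-session token embedded in the form.
    $token = $input['csrf_token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    if (!is_string($token) || !is_string($known) || $known === ''
        || !hash_equals($known, $token)) {
        return 'bad token';
    }
    // Every variable gets a type and length check before use.
    $message = $input['message'] ?? '';
    if (!is_string($message) || $message === '' || strlen($message) > 2000) {
        return 'bad message';
    }
    // Recipient and subject stay fixed server-side; only the body is user data.
    // The actual mail() call would go here.
    return 'accepted';
}

// Constructed sample requests, runnable from the command line.
$session = ['csrf_token' => 'constructed-token'];
$fields  = ['command' => 'mail_to_admin', 'message' => 'SomeMessage'];
echo dispatch('GET', $fields, [], $session), "\n";
echo dispatch('POST', [], $fields, $session), "\n";
echo dispatch('POST', [], $fields + ['csrf_token' => 'constructed-token'], $session), "\n";
```

In a real page the call would be `dispatch($_SERVER['REQUEST_METHOD'], $_GET, $_POST, $_SESSION)`.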