Posted by OmegaJunior on 01/24/07 21:02
On Wed, 24 Jan 2007 21:18:55 +0100, Guffi <privat@pc-care.dk> wrote:
> Hi
>
> The PHP code is like this in the index-file:
>
> include($id);
>
> How can I secure it, so $id does not contaion an external link (which =
=
> could
> do some harm)
> I have tried this: if (stristr($id, 'http') =3D=3D TRUE) { exit("Hacki=
ng -
> STOP!!"); }
>
> But this test only work in my brower and does not stop from phishing :=
-(
>
> Can someone please help me out here !!??
>
>
>
>
How about allowing numeric entry only, and concatenating that with a =
string of your own? Like so:
$id =3D $_GET['id'];
if (is_numeric($id)) {
include('page'.$id);
}
-- =
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
[Back to original message]
|