Posted by MZ on 09/29/14 12:01
"Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
news:4YWdnYxNTt_OfAHanZ2dnUVZ_gadnZ2d@comcast.com...
> MZ wrote:
>> Hello!
>>
>> How to prevent such an attack attempt on the website?
>>
>>
>> http://www.domain.com/index.php?id=%3Cscript%3Ealert(document.cookie);%3C/script%3E
>> Thank you in advance for help
>> M.
>>
>>
>>
>
> As in your other question, there is no inherent vulnerability in PHP for this.
>
> But this is also javascript, not PHP, and PHP doesn't execute javascript.
>
Yes, I knew it is JavaScript code, but I asked because if there were a
problem, the problem would be in PHP.
I also have one more question for you:
If I have a parameter which is a number and send it by the GET method, i.e.
www.domain.com/index.php?id=1
Can you tell me if such PHP protection will be sufficient after generating such
a URL:
if ($_GET["id"]>0 && $_GET["id"]<99999999999 && is_numeric($_GET["id"]))
{
    // then execute the following code:
    // checking if there is a record in the database which has id = 1; if so, then
    // executing the rest of the code
}
else
{
    // not executing code
}
99999999999 is the max value because it is declared as BIGINT(11)
Thank you for your help
M.
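An added example, not part of the original post: is_numeric() also accepts strings such as "1e3" and "1.5", so a stricter way to handle the id parameter asked about above is to validate it as a ranged integer and to HTML-escape anything from the request before echoing it. The names parse_id() and ID_MAX are illustrative assumptions, the upper bound is the one given in the post, and the sample inputs are constructed.

```php
<?php
// Added example; parse_id() and ID_MAX are illustrative names, not from the post.
const ID_MAX = 99999999999; // upper bound taken from the post (needs 64-bit PHP)

/**
 * Return the id as an int if it is a decimal integer in 1..ID_MAX, else null.
 */
function parse_id($raw): ?int
{
    if (!is_string($raw)) {          // ?id[]=1 arrives as an array, not a string
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => ID_MAX],
    ]);
    return $id === false ? null : $id;
}

// Constructed sample inputs, as they could arrive in $_GET["id"].
$samples = ['1', '42abc', '1e3', '1.5', '0', '-3',
            '<script>alert(document.cookie);</script>', ['1']];

foreach ($samples as $raw) {
    $id = parse_id($raw);
    $shown = is_string($raw) ? $raw : '(array)';
    // Escape request-derived text before it is written into an HTML page,
    // so markup in the parameter is displayed instead of interpreted.
    $safe = htmlspecialchars($shown, ENT_QUOTES, 'UTF-8');
    echo $safe, ' => ', $id === null ? 'rejected' : "accepted as int $id", "\n";
}

// In the real page: $id = parse_id($_GET['id'] ?? null);
// if $id is not null, bind it as an integer parameter of a prepared statement
// rather than concatenating it into the SQL text.
```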