Reply to Re: [PHP] Easier way to clean GET Variables ?

Your name:

Reply:


Posted by "Richard Lynch" on 08/25/05 10:14

On Wed, August 24, 2005 10:06 pm, Graham Anderson wrote:
> Is there a way to loop thru all of these GET requests by:
> putting the GET variables into an array
> processing the variable strings with trim/striptags/etc in a loop
> exploding the variables back out into separate variables

In addition to what everybody has posted...

I really would recommend that on any given page you have something like:

$_EXPECTED = array('userID', 'playlistName', 'language');
$_EXPECTED = array_flip($_EXPECTED);

You can then compare what you $_GET with what you $_EXPECTED in your
loop, and not import any Bad Guy's crap variables:
if (isset($_EXPECTED[$variable])){
//import it
}
else{
//error out, log the hack attempt, Red Alert!, call the President
}

This also helps make the code more self-documenting, since right at
the top of the code you are clearly stating what inputs the script
(which in many respects is like a function, only not) expects to
receive.

If you're going to go ahead and clutter up your "SAFE" data with junk
that some random Bad Guy sent you, it really doesn't seem all that
safe to me...

--
Like Music?
http://l-i-e.com/artists.htm

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация