|
Posted by "Richard Lynch" on 08/25/05 10:14
On Wed, August 24, 2005 10:06 pm, Graham Anderson wrote:
> Is there a way to loop thru all of these GET requests by:
> putting the GET variables into an array
> processing the variable strings with trim/striptags/etc in a loop
> exploding the variables back out into separate variables
In addition to what everybody has posted...
I really would recommend that on any given page you have something like:
$_EXPECTED = array('userID', 'playlistName', 'language');
$_EXPECTED = array_flip($_EXPECTED);
You can then compare what you $_GET with what you $_EXPECTED in your
loop, and not import any Bad Guy's crap variables:
if (isset($_EXPECTED[$variable])){
//import it
}
else{
//error out, log the hack attempt, Red Alert!, call the President
}
This also helps make the code more self-documenting, since right at
the top of the code you are clearly stating what inputs the script
(which in many respects is like a function, only not) expects to
receive.
If you're going to go ahead and clutter up your "SAFE" data with junk
that some random Bad Guy sent you, it really doesn't seem all that
safe to me...
--
Like Music?
http://l-i-e.com/artists.htm
[Back to original message]
|