Reply to Re: [PHP] prevent user from getting scripts outside the web folder [this better?]

Posted by Ben on 10/14/05 01:52

Graham Anderson said the following on 10/13/05 15:31:
> Is this a bit better?
> As directed, I 'sanitized' all user input variables with trim and
> mysql_real_escape_string.
>
> thanks for everyone's patience as I am starting at ground zero
> concerning security.
>
>
> if( isset($_REQUEST['cmd']) OR isset($_REQUEST['path'] ))
> {
>     // decrypt and sanitize variables
>     $cmd = isset($_REQUEST['cmd']) ? cleanser(decrypt($_REQUEST['cmd'])) : $cmd="null";
>     $path = isset($_REQUEST['path']) ? cleanser(decrypt($_REQUEST['path'])) : $path="null";
> .
> .
> .
>
> the cleanser script:
> function cleanser( $value )
> {
> return mysql_real_escape_string( trim( $value ) ) ;
> }
>
> the 'decrypt' function uses MCRYPT_RIJNDAEL_256 with a $key stored
> outside the web folder.
>
> many thanks :)

My understanding is that mysql_real_escape_string will only work while
you are connected to mysql. Not sure if that is the case in your situation.

- Ben
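
Added example, not part of the original posts: `mysql_real_escape_string` escapes only characters that are special inside SQL string literals, so a `../` sequence in `$path` passes through `cleanser()` unchanged. For the thread's goal of keeping requests inside one folder, a canonical-path containment check is one option; the function name `resolve_inside` and the sample directory layout are assumptions constructed for this example.

```php
<?php
// Added example (not from the thread). Names and paths are hypothetical.

/**
 * Resolve $userPath against $baseDir and return the canonical path only if
 * it is an existing regular file inside $baseDir; otherwise return null.
 */
function resolve_inside(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    // Reject NUL bytes up front: they never belong in a file name.
    if ($base === false || strpos($userPath, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false if the
    // target does not exist.
    $full = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as ".../media-old" does not pass as being inside ".../media".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed sample layout in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_' . bin2hex(random_bytes(4));
mkdir("$root/media", 0700, true);
mkdir("$root/media-old", 0700, true);
file_put_contents("$root/media/song.txt", 'ok');
file_put_contents("$root/media-old/old.txt", 'sibling folder');
file_put_contents("$root/secret.txt", 'outside the served folder');

// Constructed request values, as they would look after decrypt().
$samples = ['song.txt', './song.txt', '../secret.txt',
            '../media-old/old.txt', 'missing.txt', "song.txt\0.php"];
foreach ($samples as $p) {
    $r = resolve_inside("$root/media", $p);
    printf("%-24s => %s\n", addcslashes($p, "\0"), $r === null ? 'rejected' : 'allowed');
}
```

Only the first two sample values resolve to a file under `media`; the rest are rejected because the canonical path falls outside the folder, does not exist, or contains a NUL byte.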
