Posted by Joseph Melnick on 05/27/05 18:08
There are a number of traps that I have encountered as PHP has evolved from
version 2 to 3 to 4 and into 5.
One of these is the way variables are passed from forms and links.
using the function array_key_exists is a good way to handle these variables
as is the constuct shown below.
$varname = (array_key_exists('key',$_REQUEST))?$_REQUEST['key']:"";
This construct has the benefit of setting $varname to a default value if not
submitted and can accept varname from $_POST or $_GET arrays.
If you know that the request is coming from a form post that you should
change the array you are using to $_POST.
This is your first line of defence when it comes to securing your
application.
Joseph Melnick
JM Web Consultants
http://www.jphp.com
"comp.lang.php" <sheldonlg@asap-consult.com> wrote in message
news:1117128695.680396.279510@f14g2000cwb.googlegroups.com...
> Thank you. That worked.
>
[Back to original message]
|