| Re: Check if $_GET contains something other than what's allowed [message #183825 is a reply to message #183822] |
Thu, 21 November 2013 22:16   |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 11/21/2013 4:48 PM, Thomas 'PointedEars' Lahn wrote:
> Jason C wrote:
>
>> I have a script that's constantly under attack by hackers submitting odd
>
> s/hackers/crackers/
>
> Rule of thumb: Hackers build, crackers (attempt to) destroy.
>
No, hackers is the correct term. You really should learn to understand
English before correcting a native speaker of it.
>> queries. My script is tight enough that it's not been a problem, but
>> still, it's annoying.
>>
>> Just for the sake of peace of mind, how can I check for any $_GET key
>> that's not allowed (in which case I can kill the script from the
>> beginning)?
>
> <http://php.net/isset>
> <http://php.net/array_key_exists>
>
> However, your problem more likely is having register_globals=on when it
> should be off; not validating user input, inviting SQL injection; aso.
>
There is no indication in his update that ANY of this is true. In fact,
his update seems to indicate exactly the opposite.
> <https://owasp.org/>
>
>
> PointedEars
>
Not everyone is as dense as you.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]