| Re: Check if $_GET contains something other than what's allowed [message #183822 is a reply to message #183820] |
Thu, 21 November 2013 21:48   |
Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma:
|
Senior Member |
|
|
Jason C wrote:
> I have a script that's constantly under attack by hackers submitting odd
s/hackers/crackers/
Rule of thumb: Hackers build, crackers (attempt to) destroy.
> queries. My script is tight enough that it's not been a problem, but
> still, it's annoying.
>
> Just for the sake of peace of mind, how can I check for any $_GET key
> that's not allowed (in which case I can kill the script from the
> beginning)?
<http://php.net/isset>
<http://php.net/array_key_exists>
However, your problem more likely is having register_globals=on when it
should be off; not validating user input, inviting SQL injection; aso.
<https://owasp.org/>
PointedEars
--
Prototype.js was written by people who don't know javascript for people
who don't know javascript. People who don't know javascript are not
the best source of advice on designing systems that use javascript.
-- Richard Cornford, cljs, <f806at$ail$1$8300dec7(at)news(dot)demon(dot)co(dot)uk>
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]