ShaolinF
Posted November 30, 2009

Hi Guys

I am getting a POST variable which will be used to get page numbers (ie. mysite.com/index.php?page=1)

Now, in my class I already have the following structure in place to ensure there is no tampering on the user end:

(isset($page) && is_numeric($page)) ? $page : 1;

Is this enough? Or should I also run it through the filter_var() function? I assume the is_numeric function is enough to ensure the user doesn't try injecting malicious code but you never know.

.josh
Posted November 30, 2009

is_numeric technically allows more than just a straight integer, but I don't really see how someone could really exploit that...but anyways, I usually cast as int. But you should also be checking if it is a valid page number. Like, if you know it should only be 1-10 you should check for that. That can screw things up, especially for things like pagination.
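
Added example, not part of the original thread: a side-by-side of what is_numeric(), an (int) cast, and filter_var() with FILTER_VALIDATE_INT plus a range check do with the same page values. The function name page_from_request(), the $lastPage limit of 10 and the sample inputs are assumptions made up for this illustration.

```php
<?php
// Added illustration; page_from_request() and its parameters are hypothetical names.

/**
 * Return a page number guaranteed to be an integer in 1..$lastPage.
 * Anything missing, malformed or out of range falls back to page 1.
 */
function page_from_request(array $input, int $lastPage): int
{
    $raw = $input['page'] ?? null;
    if (!is_string($raw)) {
        return 1; // missing, or an array such as ?page[]=1
    }

    // FILTER_VALIDATE_INT accepts a whole decimal integer only, so floats
    // and exponent notation that is_numeric() lets through are rejected.
    // min_range/max_range enforce the valid page range in the same call.
    $page = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $lastPage],
    ]);

    return $page === false ? 1 : $page;
}

// Constructed sample inputs, with 10 assumed as the last valid page.
$samples  = ['3', '10', '11', '-2', '1.5', '1e3', '0', 'abc'];
$lastPage = 10;

foreach ($samples as $raw) {
    printf(
        "%-6s is_numeric=%-5s (int)=%-5d validated=%d\n",
        var_export($raw, true),
        var_export(is_numeric($raw), true),
        (int) $raw,
        page_from_request(['page' => $raw], $lastPage)
    );
}
```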