ShaolinF
Posted November 30, 2009

Hi Guys

I am getting a POST variable which will be used to get page numbers (i.e. mysite.com/index.php?page=1). Now, in my class I already have the following structure in place to ensure there is no tampering on the user end:

(isset($page) && is_numeric($page)) ? $page : 1;

Is this enough? Or should I also run it through the filter_var() function? I assume the is_numeric function is enough to ensure the user doesn't try injecting malicious code, but you never know.

.josh
Posted November 30, 2009

is_numeric technically allows more than just a straight integer, but I don't really see how someone could really exploit that...but anyways, I usually cast as int. But you should also be checking if it is a valid page number. Like, if you know it should only be 1-10 you should check for that. That can screw things up, especially for things like pagination.
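
The check described in the reply above (a whole integer, inside the valid page range), shown next to is_numeric() and an (int) cast for comparison. This is an added example, not code from either poster; page_number(), $maxPage and the sample inputs are constructed for illustration.

```php
<?php
/**
 * Return a page number that is a whole integer within 1..$maxPage,
 * falling back to page 1 for anything else.
 * page_number() and $maxPage are hypothetical names for this example.
 */
function page_number($raw, int $maxPage): int
{
    $page = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $maxPage],
    ]);

    // filter_var() returns false when validation fails, so anything
    // that is not an int at this point becomes the default page.
    return is_int($page) ? $page : 1;
}

// Assumed upper bound; in a real pager it is derived from the row count.
$maxPage = 10;

// Constructed inputs standing in for $_GET['page'] or $_POST['page'].
$samples = ['1', '7', '1e3', '3.7', ' 5', '-2', '0', '999',
            'abc', '1 OR 1=1', null, ['1']];

foreach ($samples as $raw) {
    printf(
        "%-12s is_numeric=%-5s int_cast=%-5d validated=%d\n",
        json_encode($raw),
        var_export(is_numeric($raw), true),
        (int) $raw,                      // the plain cast, for comparison
        page_number($raw, $maxPage)      // integer and range check together
    );
}
```

Running it prints one row per input, so the values that is_numeric() accepts or that a bare cast turns into an out-of-range number can be compared with what the range-checked version returns.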