Jump to content

how i can secure this code


qwe010

Recommended Posts

you have a link with a condition and then get what you want example only

link example with condition.

[code]
<?php
echo"<a href='mypage.php?page=$page&cmd=condition_set'>go to my page</a>
?>
[/code]

then this on the other page.
[code]

<?php session_start();

//the condition of the link must match.
if($_GET['cmd']=="condition_set"){

$page=$_GET['page'];

}else{

//the condition of the link did not match.
echo"sorry who are you man?";
}
?>
[/code]
if i do it like that

[quote]if(!isset($_GET['page']) == empty($_GET['page'])){

    $page = 1;



} else {

$page = intval( $_GET['page'] );

}[/quote]

and do that

index.php?page='

all thing ok

but if i do it like that

index.php?page=

You have an error in your SQL syntax


how i fix that ?

and my program is

Shows the news like that

index.php?page=1

news 1

index.php?page=2

news 2

Use this:
[code=php:0]// chekc that page is srt and that it holds a numerical value
if(isset($_GET['page']) && is_numeric($_GET['page']))
{
    $page = $_GET['page'];
}
else
{
    $page = 1;
}[/code]

If your url is index.php?page= or index.php?page=' or someothing else that is non numeric it will set $page to 1. if your url is this: index.php?page=1 or index.php?page=somenumberhere (eg index.php?page=99) it'll set $page to $_GET['page']

This is more secure than what you have now.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.