How can I secure this code?


8 replies to this topic

#1 qwe010


Posted 15 September 2006 - 06:06 PM

Hi all,

Please, how can I secure this code?

if(!isset($_GET['page'])){
    $page = 1;
} else {
    $page = intval( $_GET['page'] );
}

If I do that:

index.php?page='

You have an error in your SQL syntax

Any idea?


#2 Wintergreen


Posted 15 September 2006 - 06:19 PM

php.net seems to be down right now, but the function you can use to check and see if it is numeric is is_numeric()

#3 qwe010


Posted 16 September 2006 - 11:26 AM

I tried it,

but I don't know how to do it with is_numeric().

I think I can put intval with

if(!isset($_GET['page'])){
    $page = 1;
}

but how?

#4 redarrow


Posted 16 September 2006 - 02:00 PM

you have a link with a condition and then get what you want example only

link example with condition.

<?php
// Build the link; the echo needs its closing quote and semicolon.
echo "<a href='mypage.php?page=$page&cmd=condition_set'>go to my page</a>";
?>

then this on the other page.

<?php session_start();

//the condition of the link must match.
if($_GET['cmd']=="condition_set"){

$page=$_GET['page'];

}else{

//the condition of the link did not match.
echo"sorry who are you man?";
}
?>

Wish I knew all about php DAM I will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#5 448191


Posted 16 September 2006 - 02:16 PM

There is no need to use intval on numeric strings, unless you want a copy that has the equivalent integer value.

<?php
if(!isset($_GET['page']) || empty($_GET['page'])){
   $page = 1;
}
else {

}
?>



#6 qwe010


Posted 16 September 2006 - 03:00 PM

If I do it like that:

if(!isset($_GET['page']) == empty($_GET['page'])){
    $page = 1;
} else {
    $page = intval( $_GET['page'] );
}

and do that:

index.php?page='

everything is OK,

but if I do it like that:

index.php?page=

You have an error in your SQL syntax

How do I fix that?

And my program shows the news like this:

index.php?page=1

news 1

index.php?page=2

news 2



#7 wildteen88


Posted 16 September 2006 - 03:13 PM

Use this:
// check that page is set and that it holds a numerical value
if(isset($_GET['page']) && is_numeric($_GET['page']))
{
    $page = $_GET['page'];
}
else
{
    $page = 1;
}

If your URL is index.php?page= or index.php?page=' or something else that is non-numeric, it will set $page to 1. If your URL is index.php?page=1 or index.php?page=somenumberhere (e.g. index.php?page=99), it'll set $page to $_GET['page'].

This is more secure than what you have now.
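An added example, not part of the original thread and not any poster's code: a stricter page check than is_numeric(), which also accepts values such as 1.5, 1e3, -2 and 0, combined with a prepared statement so the page number never becomes part of the SQL text. The `news` table and its columns, `PAGE_SIZE`, the function names and the in-memory SQLite database (standing in for the thread's database) are assumptions made for illustration.

```php
<?php
// Added example. Assumptions: table `news` (id, title), one item per page.
const PAGE_SIZE = 1;

/**
 * Return a positive integer page number, or 1 for anything else.
 * FILTER_VALIDATE_INT with min_range rejects "'", "", "1.5", "1e3", "-2",
 * "0" and array input (page[]=1); is_numeric() alone would let
 * "1.5", "1e3", "-2" and "0" through to the query.
 */
function page_from_query(array $query): int
{
    $page = filter_var(
        $query['page'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $page === false ? 1 : $page;
}

/** Fetch one page of news; LIMIT and OFFSET are bound as integers. */
function fetch_news(PDO $db, int $page): array
{
    $stmt = $db->prepare(
        'SELECT title FROM news ORDER BY id LIMIT :limit OFFSET :offset'
    );
    $stmt->bindValue(':limit', PAGE_SIZE, PDO::PARAM_INT);
    $stmt->bindValue(':offset', ($page - 1) * PAGE_SIZE, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO news (title) VALUES ('news 1'), ('news 2')");

// Constructed inputs, including the two from the thread: page=' and page=
foreach (['2', "'", '', '1.5', '1e3', '-2', '0', ['1']] as $raw) {
    $page = page_from_query(['page' => $raw]);
    $titles = implode(', ', fetch_news($db, $page));
    printf("%-8s => page %d => %s\n", json_encode($raw), $page, $titles);
}
```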

#8 448191


Posted 16 September 2006 - 03:27 PM

Lol, I thought the quote was a typo.. ;D

#9 qwe010


Posted 16 September 2006 - 04:59 PM

Thanks wildteen88 :)

It works OK.



