Archived

This topic is now archived and is closed to further replies.

qwe010

how i can secure this code

Hi all,

Please, how can I secure this code?

[code]if (!isset($_GET['page'])) {
    $page = 1;
} else {
    $page = intval($_GET['page']);
}[/code]

If I do this:

index.php?page='

You have an error in your SQL syntax

Any idea?

I tried it,

but I don't know how to do it with is_numeric().

I think I can but intval with

[quote]if(!isset($_GET['page'])){
  $page = 1;[/quote]

But how?

You have a link with a condition and then get what you want (example only).

Link example with condition:

[code]
<?php
// Link that carries the page number together with the expected condition.
echo "<a href='mypage.php?page=$page&cmd=condition_set'>go to my page</a>";
?>
[/code]

Then this on the other page:

[code]
<?php session_start();

// The condition of the link must match.
if (isset($_GET['cmd']) && $_GET['cmd'] == "condition_set") {
    // $page is taken from the query string as-is.
    $page = $_GET['page'];
} else {
    // The condition of the link did not match.
    echo "sorry who are you man?";
}
?>
[/code]

There is no need to use intval on numeric strings, unless you want a copy that has the equivalent integer value.

[code]<?php
if (!isset($_GET['page']) || empty($_GET['page'])) {
    $page = 1;
} else {

}
?>[/code]

If I do it like this:

[quote]if(!isset($_GET['page']) == empty($_GET['page'])){
    $page = 1;
} else {
    $page = intval( $_GET['page'] );
}[/quote]

and do this:

index.php?page='

everything is OK.

But if I do it like this:

index.php?page=

You have an error in your SQL syntax

How do I fix that?

My program shows the news like this:

index.php?page=1

news 1

index.php?page=2

news 2

Use this:
[code=php:0]// check that page is set and that it holds a numerical value
if(isset($_GET['page']) && is_numeric($_GET['page']))
{
    $page = $_GET['page'];
}
else
{
    $page = 1;
}[/code]

If your URL is index.php?page= or index.php?page=' or something else that is non-numeric, it will set $page to 1. If your URL is index.php?page=1 or index.php?page=somenumberhere (e.g. index.php?page=99), it'll set $page to $_GET['page'].

This is more secure than what you have now.
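
For comparison with the checks discussed in this thread, an added example (not code from any poster here) that accepts `page` only as a positive integer and binds it into the query instead of placing it in the SQL text. The thread never shows its SQL, so the `news` table, `PER_PAGE`, `MAX_PAGE` and the `LIMIT`/`OFFSET` query are assumptions, as is an available `pdo_sqlite` extension; the sample inputs are constructed.

```php
<?php
// Added example, not code from the thread. PER_PAGE, MAX_PAGE, the news
// table and the LIMIT/OFFSET query are assumptions: the thread shows no SQL.
const PER_PAGE = 1;
const MAX_PAGE = 100000;

// Return a page number in 1..MAX_PAGE; everything else falls back to 1.
function page_from_query(array $query): int
{
    $page = filter_var($query['page'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => MAX_PAGE],
    ]);
    // filter_var() returns false on failure, including for page[]=1 arrays.
    return is_int($page) ? $page : 1;
}

// Constructed in-memory database standing in for the news table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO news (title) VALUES ('news 1'), ('news 2')");

// The page number never becomes part of the SQL text: it is bound as an int.
$stmt = $db->prepare('SELECT title FROM news ORDER BY id LIMIT :lim OFFSET :off');

// Constructed inputs; "'" and '' are the two URLs tried in the thread.
$samples = ["'", '', '0', '-1', '1.5', '1e3', ['1'], '2', null];

foreach ($samples as $raw) {
    $page = page_from_query($raw === null ? [] : ['page' => $raw]);
    $stmt->bindValue(':lim', PER_PAGE, PDO::PARAM_INT);
    $stmt->bindValue(':off', ($page - 1) * PER_PAGE, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    $stmt->closeCursor();
    printf(
        "%-12s is_numeric=%-5s page=%d -> %s\n",
        json_encode($raw),
        var_export(is_numeric($raw), true),
        $page,
        $title === false ? '(no row)' : $title
    );
}
```

`is_numeric()` reports true for `'0'`, `'-1'`, `'1.5'` and `'1e3'`, which is why the example validates with `FILTER_VALIDATE_INT` and a minimum of 1 instead.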
