mattyvx Posted January 12, 2011 Share Posted January 12, 2011 triple posted for some reason. Link to comment https://forums.phpfreaks.com/topic/224212-security-issue/ Share on other sites More sharing options...
mattyvx Posted January 12, 2011 Author Share Posted January 12, 2011 Hi I have developed a php page which gets 10 random reviews from a specfic member. The reviews are displayed using an iFrame and the member $ID is passed to the the SQL statement through the src="" and $_GET[''ID] method like; http://www.mysite.com/reviews?ID=1234 I have some data validation for $ID which is; String length less than 4, must be numeric and mysql_real_escape string. What I would like to do is give my premium members the code so they embed the reviews on their site like; <iframe 'some-styling-here' src="http://www.mysite.com/reviews?ID=1234"></iframe> General advice really, providing I have sanitised $ID using php are there any other measures I should take to protect myself and any other implications I should consider before releasing the code to members. e.g. increased calls to server to display embedded page etc etc Thanks Link to comment https://forums.phpfreaks.com/topic/224212-security-issue/#findComment-1158482 Share on other sites More sharing options...
mattyvx Posted January 12, 2011 Author Share Posted January 12, 2011 . Link to comment https://forums.phpfreaks.com/topic/224212-security-issue/#findComment-1158484 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.