Jump to content

how to i secure my imploded data?

Monkuar

By Monkuar
in PHP Coding Help

Recommended Posts

Monkuar Advanced Member

Monkuar

Posted
Posted 

$ids = implode(",", $_POST['m']);
$db->query('DELETE FROM friends WHERE friend_id IN ('.$db->escape($ids).') AND user_id = '.$pun_user['id'].'') or error('Unable to remove users from online list', __FILE__, __LINE__, $db->error());
redirect("s.php?section=Friends","Thanks, Friends removed ");

 

Is there any other way to secure it better?

 

I feel like im missing something, i just don't want to get hacked

 

also added

 

$ids = implode(",", $_POST['m']);

if ($ids < 1)

message("Incorrect Data");

Link to comment
https://forums.phpfreaks.com/topic/258378-how-to-i-secure-my-imploded-data/
Share on other sites
Monkuar Advanced Member

Monkuar

Posted
  • Author
Posted

if $_POST['m'] contains an array of integers, the only sanitation you need to do is to intval the values to ensure they are integers. If you do that, there is no need to escape them.

 

Would this work?

$ids = implode(",", array_map('intval', $_POST['m']));

 

scootstah Member

scootstah

Posted
Posted

if $_POST['m'] contains an array of integers, the only sanitation you need to do is to intval the values to ensure they are integers. If you do that, there is no need to escape them.

 

Would this work?

$ids = implode(",", array_map('intval', $_POST['m']));

 

 

Yes. I literally just posted that exact code but you already did. :P

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.