astronaut Posted January 16, 2007

Hi, recently I was told that my website could get hacked because of poorly written code. I am a novice newbie programmer, so all I know is to write simple if/else statements for now.

Is this code truly vulnerable to a hacker, and is there a better way of coding this?

[code]
<?php
if ($result=='1'){
    include("result.php");
}
?>
<a href="<? echo $PHP_SELF?>?result=1">Click here to see page 2</a>
[/code]

Tandem Posted January 16, 2007

You don't need quotes for the number, and parentheses for the include.

[code]
<?php
if ($result == 1){
    include "result.php";
}
?>
<a href="<? echo $PHP_SELF?>?result=1">Click here to see page 2</a>
[/code]

There is nothing "hackable" about it though.

dgiberson Posted January 16, 2007

[code]
if ($result === 1) {
    // do something
} else {
    // do something else
}
[/code]

=== is a strict comparison for type.

For example:

[code]
<?php
$x = 1;
$y = "1";

// Loose comparison: the string "1" is converted before comparing, so this matches.
if ($y == $x) {
    echo "This matches";
} else {
    echo "No match";
}

// Strict comparison: an int and a string differ in type, so this does not match.
if ($y === $x) {
    echo "match";
} else {
    echo "no match";
}
[/code]
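
As an added example (not part of the original thread): the comparisons discussed above, run over constructed query-string values, which PHP delivers as strings or arrays rather than integers. The helper names `wants_page_two` and `self_link`, the path `/index.php` and the sample values are assumptions for illustration; the parameter is read explicitly from the query array instead of through a global `$result`.

```php
<?php
// Added example, not code from the thread.

/**
 * Hypothetical helper: decide whether page 2 should be shown, reading the
 * parameter from the query array rather than from a global $result variable.
 */
function wants_page_two(array $query): bool
{
    // Accept exactly the string "1"; arrays (?result[]=1) and other spellings fail.
    return isset($query['result']) && $query['result'] === '1';
}

/** Hypothetical helper: build the self-link with the path escaped for an HTML attribute. */
function self_link(string $scriptPath): string
{
    $href = htmlspecialchars($scriptPath . '?result=1', ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '">Click here to see page 2</a>';
}

// Constructed sample inputs, shaped as they would arrive in $_GET.
$samples = [
    ['result' => '1'],
    ['result' => '1.0'],
    ['result' => ' 1'],
    ['result' => '01'],
    ['result' => ['1']],
    [],
];

foreach ($samples as $query) {
    $value = $query['result'] ?? null;
    printf(
        "%-8s  == 1: %-5s  === 1: %-5s  === '1': %s\n",
        json_encode($value),
        var_export($value == 1, true),   // loose: numeric strings are converted
        var_export($value === 1, true),  // strict against an int: never true for request data
        var_export(wants_page_two($query), true)
    );
}

// Constructed script path; on a live page this would come from the server variables.
echo self_link('/index.php'), "\n";
```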

astronaut Posted January 16, 2007

Case closed, thanks. Looks like I'm in the clear. Also learned that the === sign means that it also makes sure the variable is strictly a number instead of either number or letter value. Thanks a lot!!