Dysan Posted November 22, 2007

How do I stop the user from entering this php file manually, and accidentally adding a blank id to the array?

<?php
session_start();
$array = ( isset($_SESSION['ids']) && is_array($_SESSION['ids']) ) ? $_SESSION['ids'] : array();
if (!in_array($_GET['id'], $array)) {
    $array[] = $_GET['id'];
} else {
    echo "ID Exists";
}
$_SESSION['ids'] = $array;
print_r($array);
?>
phpSensei Posted November 22, 2007

<?php
if ($_GET['id'] == "0") {
    // die ??
}
?>

I don't understand what you are trying to do... And what do you mean enter the file manually?
Dysan (Author) Posted November 22, 2007

My apologies for not explaining very well. Basically, if you open the php file by entering the filename/path directly into the browser address bar, a blank value is added to the array, due to there not being a value in the $id variable. How do I stop a blank value being added to the array if the $id variable doesn't contain a value?

<?php
session_start();
$array = ( isset($_SESSION['ids']) && is_array($_SESSION['ids']) ) ? $_SESSION['ids'] : array();
$id = $_GET['id'];

function writeShoppingCart($array) {
    if (count($array) > 0) {
        $s = (count($array) > 1) ? 's' : '';
        echo "Shopping Cart: (" . '<a href="1.php">' . count($array) . " item" . $s . ")" . '</a>';
    } else {
        echo "Shopping Cart is empty!";
    }
}

if (!in_array($id, $array)) {
    $array[] = $id;
} else {
    echo "ID Exists";
}
$_SESSION['ids'] = $array;
print_r($array);
writeShoppingCart($array);
?>
Stooney Posted November 22, 2007

The way I'm interpreting what you're saying is that when people navigate directly to the script (which should normally have post data from a previous page), $id is empty and causes an empty variable in the array. If that's right, then just add something like:

Stop the script:

if (!isset($id)) {
    exit();
}

Or redirect them:

if (!isset($id)) {
    header("Location: index.php");
    exit(); // stop here, otherwise the rest of the script still runs after sending the redirect
}
Wuhtzu Posted November 22, 2007

<?php
if (isset($_GET['id'])) {
    // An ID is set and you can go on with your script
    $id = $_GET['id'];
} else {
    die('sucker');
}
?>

<?php
if (isset($_GET['id']) && preg_match('/^[0-9]+$/', $_GET['id'])) {
    // An ID which is numeric and consists of at least one char is set
    // and you can go on with your script
    $id = $_GET['id'];
} else {
    die('sucker');
}
?>
GingerRobot Posted November 22, 2007

Personally I'd use the ctype_digit() and strlen() functions rather than using the preg_replace function, since regular expressions are slow.
rab Posted November 22, 2007

Personally I would just cast the variable to an integer and check if it is actually an integer.
phpSensei Posted November 22, 2007

Personally, I think we shouldn't make things complicated here:

<?php
if (!isset($id) || $id == "") {
    // die
    // or
    // set a default value
}
?>
Wuhtzu Posted November 22, 2007

Personally I wouldn't care for 0.00034 seconds; we are talking about one check each time a person puts something in the basket. Of course, if you handle massive amounts of customers you might want to consider it. And of course, if I was to check something over and over again in a loop (say 100+ times), I too might consider not using preg_match.
GingerRobot Posted November 22, 2007

> Personally I wouldn't care for 0.00034 seconds; we are talking about one check each time a person puts something in the basket. Of course, if you handle massive amounts of customers you might want to consider it. And of course, if I was to check something over and over again in a loop (say 100+ times), I too might consider not using preg_match.

Yeah, of course - we are talking about the very tiny overhead of using regular expressions. Either I'm a perfectionist or it's just the fact that I hate working with regex... To be honest, it's probably the latter.
phpSensei Posted November 22, 2007

> > Personally I wouldn't care for 0.00034 seconds; we are talking about one check each time a person puts something in the basket. Of course, if you handle massive amounts of customers you might want to consider it. And of course, if I was to check something over and over again in a loop (say 100+ times), I too might consider not using preg_match.
>
> Yeah, of course - we are talking about the very tiny overhead of using regular expressions. Either I'm a perfectionist or it's just the fact that I hate working with regex... To be honest, it's probably the latter.

Regex isn't that bad, but it seems a little insecure to me. It's great for bbcodes and all that fancy stuff, but I wouldn't recommend it in this case.
GingerRobot Posted November 22, 2007

> Regex isn't that bad, but it seems a little insecure to me. It's great for bbcodes and all that fancy stuff, but I wouldn't recommend it in this case.

I disagree. Often regex is the most secure way of validation. Making sure data matches an expected pattern is often more secure than more general constraints on type and length. Of course, in this example, it achieves the same thing, though the regex approach is marginally slower.
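Pulling the thread's proposals (the isset()/blank check, ctype_digit() plus strlen(), and the integer cast) into one validation routine, as an added example that is not code from any poster; idFromQuery(), validateId() and addToCart() are names chosen here, and the $requests array is constructed input standing in for $_GET across several requests.

```php
<?php
// Added example, not from the thread: validate the cart id once, then add it.
declare(strict_types=1);

// Pull the raw id out of a query array; null when absent or not a plain string
// (PHP turns ?id[]=1 into an array, which the typed functions below would reject).
function idFromQuery(array $get): ?string
{
    return (isset($get['id']) && is_string($get['id'])) ? $get['id'] : null;
}

// Returns the id as an int, or null when the request carries no usable id.
// Order matters: isset()/blank test first, then ctype_digit() + strlen(),
// and only then the (int) cast, so "5abc" is rejected instead of becoming 5.
function validateId(?string $raw): ?int
{
    if ($raw === null || $raw === '') {
        return null;   // direct visit to the script: no ?id= at all
    }
    if (!ctype_digit($raw) || strlen($raw) > 9) {
        return null;   // rejects signs, spaces, letters; length cap keeps the value in int range
    }
    return (int) $raw;
}

// Adds a validated id to the cart and returns the cart; an invalid id leaves it unchanged.
function addToCart(array $cart, ?string $raw): array
{
    $id = validateId($raw);
    if ($id === null) {
        return $cart;
    }
    // Strict in_array(): no loose-comparison surprises such as "1" == 1 or "abc" == 0.
    if (!in_array($id, $cart, true)) {
        $cart[] = $id;
    }
    return $cart;
}

// Constructed stand-ins for $_GET across successive requests (blank, junk,
// duplicate, array-valued and zero-padded ids included).
$requests = [[], ['id' => ''], ['id' => '7'], ['id' => '7'], ['id' => '0'],
             ['id' => '5abc'], ['id' => '-1'], ['id' => ['1']], ['id' => '007']];
$cart = [];
foreach ($requests as $get) {
    $cart = addToCart($cart, idFromQuery($get));
}
print_r($cart);   // only the validated, de-duplicated ids survive
```

In the original script this replaces the in_array()/append block with `$_SESSION['ids'] = addToCart($_SESSION['ids'] ?? [], idFromQuery($_GET));` after session_start(), so a direct visit to the page no longer writes a blank entry into the session.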