OZONE Asylum

FAQ

How To Handle Incoming Variables TP Style.

This page's ID: 5554

Welcome to the OzoneAsylum FaqWiki Frequently Asked Questions Server Side Coding PHP
How To Handle Incoming Variables TP Style. $Pages that link to <a href="https://ozoneasylum.com/backlink?for=5554" title="Pages that link to How To Handle Incoming Variables TP Style." rel="nofollow" >How To Handle Incoming Variables TP Style.\$
Ok, so you wonder how to make you script safe, that means to protect the server, and protect the users who visit your site? Here's TP's solution.: code: foreach ($HTTP_POST_VARS as $aKey => $aValue) { $HTTP_POST_VARS[$aKey] = htmlentities(ENT_QUOTES); unset($aKey); } That's it. Repeat for getvars, cookies, and the like. No worries any longer. They're safe for queries (all the ' and " have been escaped). They can be printed out again, without having to worry about javascript attacks. Hey, if you like, you can change it to nl2br(htmlentities... and you won't have to do any processing when outputing user information again! Oh, and the unset() forces you to use the appropriate 'globals', ie. either $HTTP_XXX_VARS or $_XXX to access incoming variables. Much easier to replace if they decide to change the handling again. After all, PHP 5 is due in the second quartal of 2003... so long Tyberius Prime (Added by: Tyberius Prime on Tue 11-Feb-2003)

Welcome to the OzoneAsylum FaqWiki
Frequently Asked Questions
Server Side Coding
PHP

How To Handle Incoming Variables TP Style.\$

Ok, so you wonder how to make you script safe, that means to protect the server, and protect the users who visit your site?

Here's TP's solution.:

code:

foreach ($HTTP_POST_VARS as $aKey => $aValue)

{

     $HTTP_POST_VARS&#91;$aKey&#93; = htmlentities(ENT_QUOTES);

     unset($aKey);

}

That's it. Repeat for getvars, cookies, and the like.
No worries any longer. They're safe for queries (all the ' and " have been escaped). They can be printed out again, without having to worry about javascript attacks.
Hey, if you like, you can change it to nl2br(htmlentities... and you won't have to do any processing when outputing user information again!

Oh, and the unset() forces you to use the appropriate 'globals', ie. either $HTTP_XXX_VARS or $_XXX to access incoming variables. Much easier to replace if they decide to change the handling again. After all, PHP 5 is due in the second quartal of 2003...

so long
Tyberius Prime

(Added by: Tyberius Prime on Tue 11-Feb-2003)

« Backwards — Onwards »