OZONE Asylum
How To Handle Incoming Variables TP Style.
OK, so you wonder how to make your script safe, that is, how to protect the server and the users who visit your site? Here's TP's solution:

[code]
// Encode every incoming POST value and drop its register_globals copy.
foreach ($HTTP_POST_VARS as $aKey => $aValue) {
    // Convert <, >, &, " and ' to HTML entities (ENT_QUOTES covers both quote types).
    $HTTP_POST_VARS[$aKey] = htmlentities($aValue, ENT_QUOTES);
    // Remove the global variable named after the field, so only the array copy remains.
    unset($$aKey);
}
[/code]

That's it. Repeat for GET vars, cookies, and the like. No worries any longer. They're safe for queries (all the ' and " have been escaped). They can be printed out again without having to worry about JavaScript attacks. Hey, if you like, you can change it to nl2br(htmlentities... and you won't have to do any processing when outputting user information again!

Oh, and the unset() forces you to use the appropriate 'globals', i.e. either $HTTP_XXX_VARS or $_XXX, to access incoming variables. Much easier to replace if they decide to change the handling again. After all, PHP 5 is due in the second quarter of 2003...

so long
[internallink=4643]Tyberius Prime[/internallink]

[small][i](Added by: [url=http://www.ozoneasylum.com/cgi-bin/ubbmisc.cgi?action=getbio&UserName=Tyberius+Prime]Tyberius Prime[/url] on Tue 11-Feb-2003)[/i][/small]
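An added example, not part of the original FAQ entry: the same loop generalised to nested array fields (for example `tags[]`) and to GET and cookie data, plus a type check for numeric fields, which entity encoding leaves unchanged. The function names `tp_encode` and `tp_int` are hypothetical, and the code assumes PHP 5.4 or later with UTF-8 pages.

```php
<?php
// Added example, not the FAQ author's code; function names are hypothetical.
// Assumes PHP 5.4+ (ENT_SUBSTITUTE) and UTF-8 pages.

// Entity-encode one request value. Fields named like "tags[]" arrive as
// arrays, which htmlentities() cannot take, so arrays are walked recursively.
function tp_encode($value, $charset = 'UTF-8')
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE; // invalid bytes become U+FFFD, not ''
    if (is_array($value)) {
        $out = array();
        foreach ($value as $k => $v) {
            // Keys are client-supplied as well and may be printed later.
            $out[htmlentities((string) $k, $flags, $charset)] = tp_encode($v, $charset);
        }
        return $out;
    }
    return htmlentities((string) $value, $flags, $charset);
}

// Numeric fields: a value with no quotes or markup passes through
// htmlentities() unchanged, so check the type. Returns int, or null if invalid.
function tp_int($value)
{
    $n = filter_var($value, FILTER_VALIDATE_INT);
    return $n === false ? null : $n;
}

// "Repeat for getvars, cookies, and the like": one call per source.
$_GET    = tp_encode($_GET);
$_POST   = tp_encode($_POST);
$_COOKIE = tp_encode($_COOKIE);

// Constructed sample input, standing in for a submitted form.
$sample = array(
    'name'    => "O'Reilly <b>",
    'tags'    => array('a"b', '<script>'),
    'page'    => '42',
    'user_id' => '42abc',
);
$safe = tp_encode($sample);

echo $safe['name'], "\n";
echo $safe['tags'][1], "\n";
var_dump(tp_int($sample['page']));
var_dump(tp_int($sample['user_id']));
```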