[nycphp-talk] Need suggestions on building a hacker trap...
Ben Sgro
ben at projectskyline.com
Tue Aug 12 09:31:56 EDT 2008
Hello,
One way to enforce this is to do (example):
// Whitelist: accepted values map to the only strings allowed into SQL.
$validMode = array('last' => 'last', 'first' => 'first', 'all' => 'all');
if (!isset($_GET['mode'], $validMode[$_GET['mode']])) { /* bad input */ }
else
    $sqlWhere = $validMode[$_GET['mode']]; // client value used only as a key
Which is essentially enforcing a white list.
There are a ton of permutations of this type of validation. It obviously
won't work for a form field or something where the input is truly random
and dynamic, but for fixed values, it works fine.
- Ben
mikesz at qualityadvantages.com wrote:
> "So what exactly does the parameter Mode do? "
>
> Normally, Mode= takes query parameters like "latest" or "featured"
> member for sorting to select the correct display values. One of the
> "correct" script generated calls is "index.php?Mode=last&Sex=all"
> which tells the script to do a select for the latest members, both
> male and female. This will display a block containing thumbnails of
> members who meet the selection criteria.
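The same whitelist idea carried through for both parameters mentioned in the thread (Mode and Sex), as an added example that is not code from Ben's post; the members table, its column names and the list of Mode values other than the thread's "last" and "featured" are assumptions made up for the illustration.

```php
<?php
// Added example (not from the original post). Every accepted client value
// maps to a fixed SQL fragment; the client value itself is only an array key
// and never becomes part of the query text.
const MODE_ORDER = [
    'last'     => 'ORDER BY joined_at DESC',           // latest members
    'first'    => 'ORDER BY joined_at ASC',            // assumed value
    'featured' => 'ORDER BY featured DESC, joined_at DESC',
];
const SEX_WHERE = [
    'all'    => '1 = 1',
    'male'   => "sex = 'm'",                           // assumed column
    'female' => "sex = 'f'",
];

/**
 * Build the member-listing query from request parameters (e.g. $_GET).
 * Returns null when a parameter is missing or not in its whitelist, so the
 * caller rejects (and can log) the request instead of falling back silently.
 */
function buildMemberQuery(array $params): ?string
{
    // Parameters must be plain strings: ?Mode[]=x arrives as an array.
    $mode = $params['Mode'] ?? null;
    $sex  = $params['Sex']  ?? null;
    if (!is_string($mode) || !is_string($sex)) {
        return null;
    }
    // Exact key lookup: values differing only in case, or carrying extra
    // characters, are not in the map and are therefore rejected.
    if (!array_key_exists($mode, MODE_ORDER) || !array_key_exists($sex, SEX_WHERE)) {
        return null;
    }
    return 'SELECT id, thumbnail FROM members WHERE ' . SEX_WHERE[$sex]
         . ' ' . MODE_ORDER[$mode] . ' LIMIT 20';
}

// The "correct" call from the thread, then two inputs that must be refused.
var_dump(buildMemberQuery(['Mode' => 'last', 'Sex' => 'all']));
var_dump(buildMemberQuery(['Mode' => 'LAST', 'Sex' => 'all']));   // wrong case
var_dump(buildMemberQuery(['Mode' => 'last', 'Sex' => ['all']])); // array, not string
```

Because the query string is assembled only from the constant fragments, the function can also be handed a raw `$_GET` directly; anything outside the two maps yields null.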