NYCPHP Meetup

NYPHP.org

[nycphp-talk] Need suggestions on building a hacker trap...

Ben Sgro ben at projectskyline.com
Tue Aug 12 09:31:56 EDT 2008


Hello,

One way to enforce this is to do (example):

// Allowed values for mode, mapped to what actually gets used in the query.
$validMode = array('last' => 'last', 'first' => 'first', 'all' => 'all');

// Read the parameter once; a missing key must not raise a notice.
$mode = isset($_GET['mode']) ? $_GET['mode'] : '';

// ?mode[]=x arrives as an array, so check the type before using it as a key.
if (!is_string($mode) || !isset($validMode[$mode])) { /* bad input */ }
else
    $sqlWhere = $validMode[$mode];

Which is essentially enforcing a white list.

There are a ton of permutations of this type of validation. It obviously
won't work for a form field or something, where the input is truly random
and dynamic, but for fixed values, it works fine.

- Ben

mikesz at qualityadvantages.com wrote:
> "So what exactly does the parameter Mode do? "
>
> Normally, Mode= takes query parameters like "latest" or "featured"
> member for sorting to select the correct display values. One of the
> "correct" script generated calls is "index.php?Mode=last&Sex=all"
> which tells the script to do a select for the latest members, both
> male and female. This will display a block containing thumbnails of
> members who meet the selection criteria.
>
>   

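The allow-list idea from Ben's reply, carried through to the two parameters named in the quoted request ("index.php?Mode=last&Sex=all"), as an added example that is not code from the original post. Each allowed value maps to a fixed SQL fragment, so the user's input never reaches the query text, only the array lookup; rejected input is collected so the page can log it or hand it to the trap. The column names, the SQL fragments, the value "featured" for Mode and "male"/"female" for Sex are assumptions for illustration.

```php
<?php
// Added example, not from the original post. Parameter names come from the
// thread; the SQL fragments, column names and extra values are assumptions.

// Each allowed value maps to a fixed SQL fragment. Only the lookup key is
// compared against user input; the fragment itself is a constant.
$allowed = array(
    'Mode' => array(
        'last'     => 'ORDER BY joined DESC',
        'featured' => 'ORDER BY featured DESC, joined DESC',
    ),
    'Sex' => array(
        'all'    => '',
        'male'   => "AND sex = 'm'",
        'female' => "AND sex = 'f'",
    ),
);

/**
 * Look up $input[$name] in the allow-list for $name. Returns the mapped
 * fragment on success, or null for a missing, non-string or unknown value,
 * appending a description of the rejection to $rejects.
 */
function pickAllowed(array $allowed, array $input, $name, array &$rejects)
{
    // ?Mode[]=x arrives as an array; array_key_exists() would error on it,
    // so treat anything that is not a string as bad input up front.
    if (!isset($input[$name]) || !is_string($input[$name])) {
        $rejects[] = $name . ' missing or not a string';
        return null;
    }
    $value = $input[$name];
    // Exact key match only: no trimming, no case folding ('LAST' != 'last').
    if (!array_key_exists($value, $allowed[$name])) {
        // Hex-encode the offending value so the log line itself cannot be
        // polluted by newlines or terminal escapes in the input.
        $rejects[] = $name . '=' . bin2hex($value) . ' not in allow-list';
        return null;
    }
    return $allowed[$name][$value];
}

/**
 * Build the member query, or return null (with $rejects filled in) if any
 * parameter failed validation. The caller decides what to do with rejects:
 * answer 400, log them, or route the client into the trap.
 */
function buildQuery(array $allowed, array $input, &$rejects)
{
    $rejects = array();
    $order = pickAllowed($allowed, $input, 'Mode', $rejects);
    $sex   = pickAllowed($allowed, $input, 'Sex', $rejects);
    if ($rejects) {
        return null;
    }
    return 'SELECT id, thumb FROM members WHERE 1=1 ' . $sex . ' ' . $order . ' LIMIT 20';
}

// Constructed sample inputs standing in for $_GET (not real requests).
$good = array('Mode' => 'last', 'Sex' => 'all');                   // the request from the thread
$bad  = array('Mode' => "last' OR '1'='1", 'Sex' => array('x'));   // injection attempt plus an array

echo buildQuery($allowed, $good, $r), "\n";
var_dump(buildQuery($allowed, $bad, $r));
print_r($r);
```

Because every value the query sees comes from the right-hand side of the `$allowed` table, adding a new sort order is a one-line change to the array and needs no new escaping anywhere; the only thing a request can influence is which constant gets picked.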

