[Phpwm] site critique please
Phil Beynon
phil at infolinkelectronics.co.uk
Wed Jan 17 11:14:23 GMT 2007
> Phil,
>
> David just illustrated a symptom of the problem, in a kind, non-obtrusive
> way.
>
> A more malicious hacker would be tempted to try embedding commands in the
> SQL, in particular commands which could grant user rights and access to
> poorly configured servers.
>
> What David illustrated is you are taking parameters direct from the URL and
> firing them straight at the database, when you should be performing a sanity
> check or clean up.
>
> In addition you should also consider the use of addslashes to negate this
> problem as this would escape the apostrophe and MySQL would treat it as a
> string.
>
> Dave
>
I think this should be fine now. In the places where it is only passing a
numeric ident in the URL I've made it so it fails if there are any
non-numeric, non-positive integers present:
// $ident is the identifier taken from the URL (e.g. $_GET['ident']).
// Reject anything that is not a plain positive integer: non-numeric strings,
// zero or negatives, and numeric strings that are not the integer itself
// ("5.0", "1e3", "05"). The string comparison is strict because a loose
// intval($ident) != $ident lets "5.0" through (PHP compares 5 == 5.0 as true).
if (
    !is_numeric($ident) OR
    intval($ident) <= 0 OR
    (string) intval($ident) !== (string) $ident
)
{
    echo "Invalid data passed in URL - not proceeding for safety reasons";
    exit();
}
Where it's passing across alphanumeric data I've done something a little
different from the norm though; with these sites they don't really have many
sub-index levels, so my approach was to do this, which is code-efficient for
this type of site:
// $groupcode and $subgroupcode are the alphanumeric values taken from the URL.
// Uses the PHP 4/5 mysql_* extension, as on the original site.
$a = 0; // counter variable
$test_name_main = array(); // initialise so an empty result set cannot break in_array() below
$test_name_sub = array();
// get all possible data: every live (group, subgroup) name
$result0 = mysql_query("SELECT sub_group_name, group_name FROM page_subgroup WHERE sale_archive = '0';");
if (!$result0) {
    echo("<p>Error performing query: " . mysql_error() . "</p>");
    exit();
}
while ($row = mysql_fetch_array($result0, MYSQL_ASSOC))
{
    $test_name_main[$a] = html_entity_decode(urldecode($row['group_name'])); // build array of valid group names
    $test_name_sub[$a] = html_entity_decode(urldecode($row['sub_group_name'])); // build array of valid subgroup names
    $a++; // increment counter
}
// see if input data from URL is not real; the third argument makes in_array()
// compare strictly (===) so type juggling cannot turn a bogus value into a match
if (!in_array($groupcode, $test_name_main, true) OR
    !in_array($subgroupcode, $test_name_sub, true))
// if not real generate message and halt execution
{
    echo "Invalid data passed in URL - not proceeding for safety reasons";
    exit();
}
unset($test_name_sub);
unset($test_name_main); // clear arrays if proceeding.
Hope this might help someone else!
Phil
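The two checks above (a positive-integer ident, and group/subgroup codes tested against the names actually in the database) as an added example written for current PHP; this is not Phil's code or anything from the site he describes. It goes a little further than the post: the allow-list is keyed by pair so a real subgroup is only accepted together with its own group, and the final lookup is sent through a PDO prepared statement so the value never becomes part of the SQL text. The table and column names are the ones in Phil's query; the sample rows, the in-memory SQLite database used so it runs offline, and the parameter names ident/groupcode/subgroupcode are constructed for the example.

```php
<?php
// Added example, not code from the original post. Assumed: parameter names
// ident/groupcode/subgroupcode, and constructed rows in an in-memory SQLite table.
declare(strict_types=1);

/** Accept only a string of decimal digits forming a positive integer (rejects "5.0", "1e3", "-1", " 7", "05"). */
function validPositiveIdent(string $raw): ?int
{
    return preg_match('/^[1-9][0-9]{0,9}$/', $raw) === 1 ? (int) $raw : null;
}

/** Load the live (group, subgroup) pairs once; a subgroup is only valid with the group it belongs to. */
function loadGroupAllowList(PDO $db): array
{
    $allow = [];
    $stmt = $db->query("SELECT group_name, sub_group_name FROM page_subgroup WHERE sale_archive = '0'");
    foreach ($stmt as $row) {
        $allow[$row['group_name']][$row['sub_group_name']] = true;
    }
    return $allow;
}

/** Exact-match lookup on array keys: no loose == comparison can turn a bogus value into a hit. */
function validGroupPair(array $allow, string $group, string $sub): bool
{
    return isset($allow[$group][$sub]);
}

/** Even validated values are bound, never interpolated, so an apostrophe in them stays data. */
function fetchSubgroup(PDO $db, string $group, string $sub): ?array
{
    $stmt = $db->prepare(
        "SELECT sub_group_name, group_name FROM page_subgroup
         WHERE group_name = :g AND sub_group_name = :s AND sale_archive = '0'"
    );
    $stmt->execute([':g' => $group, ':s' => $sub]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Apply both checks to one set of URL parameters; returns the matching row, or the refusal message. */
function handleRequest(PDO $db, array $params): array|string
{
    // Non-string values (e.g. ?ident[]=1) are treated as absent rather than passed on.
    $str = static fn(string $k): string => is_string($params[$k] ?? null) ? $params[$k] : '';
    if (validPositiveIdent($str('ident')) === null) {
        return 'Invalid data passed in URL - not proceeding for safety reasons';
    }
    $group = $str('groupcode');
    $sub   = $str('subgroupcode');
    if (!validGroupPair(loadGroupAllowList($db), $group, $sub)) {
        return 'Invalid data passed in URL - not proceeding for safety reasons';
    }
    return fetchSubgroup($db, $group, $sub) ?? 'No such subgroup';
}

// Constructed data: in-memory SQLite stands in for the MySQL table so the example runs offline.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec("CREATE TABLE page_subgroup (group_name TEXT, sub_group_name TEXT, sale_archive TEXT)");
$ins = $db->prepare("INSERT INTO page_subgroup VALUES (:g, :s, :a)");
$ins->execute([':g' => "Kids' Wear", ':s' => 'Shoes',  ':a' => '0']); // apostrophe in a live name
$ins->execute([':g' => 'Mens Wear',  ':s' => 'Shirts', ':a' => '0']);
$ins->execute([':g' => 'Mens Wear',  ':s' => 'Hats',   ':a' => '1']); // archived: not on the allow-list

$cases = [
    ['ident' => '12',  'groupcode' => "Kids' Wear", 'subgroupcode' => 'Shoes'],  // valid; apostrophe bound safely
    ['ident' => '5.0', 'groupcode' => 'Mens Wear',  'subgroupcode' => 'Shirts'], // not a plain integer
    ['ident' => '3',   'groupcode' => 'Mens Wear',  'subgroupcode' => 'Shoes'],  // real names, wrong pairing
    ['ident' => '3',   'groupcode' => 'Mens Wear',  'subgroupcode' => 'Hats'],   // archived pair
    ['ident' => ['1'], 'groupcode' => 'Mens Wear',  'subgroupcode' => 'Shirts'], // array instead of a string
];
foreach ($cases as $c) {
    $r = handleRequest($db, $c);
    echo json_encode($c), ' => ', is_array($r) ? json_encode($r) : $r, PHP_EOL;
}
```

Against a real MySQL database the same functions work unchanged with a `mysql:` DSN; there it is worth also setting `PDO::ATTR_EMULATE_PREPARES` to `false` so the statement is prepared server-side. Binding makes the escaping question moot: a bound value is transmitted as data, whereas escaping functions have to be applied to every query and are sensitive to the connection character set, which is why the allow-list plus bound parameters is the combination to aim for rather than escaping alone.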