[Phpwm] site critique please

Phil Beynon phil at infolinkelectronics.co.uk
Wed Jan 17 11:14:23 GMT 2007


>
> Phil,
>
> David just illustrated a symptom of the problem, in a kind, non-obtrusive
> way.
>
> A more malicious hacker would be tempted to try embedding commands in the
> SQL, in particular commands which could grant user rights and access to
> poorly configured servers.
>
> What David illustrated is you are taking parameters direct from the URL and
> firing them straight at the database, when you should be performing a sanity
> check or clean up.
>
> In addition you should also consider the use of add slashes to negate this
> problem as this would escape the apostrophe and MySQL would treat it as a
> string.
>
> Dave
>

I think this should be fine now.
In the places where it's only passing a numeric ident in the URL I've made it
so it fails if there are any non-numeric or non-positive integers present:

// reject anything that is not a plain positive integer
if (
    !is_numeric($ident) OR
    intval($ident) <= 0 OR
    intval($ident) != $ident
) {
    echo "Invalid data passed in URL - not proceeding for safety reasons";
    exit();
}

Where it's passing across alphanumeric data I've done something a little
different from the norm though. With these sites they don't really have many
sub-index levels, so my approach was to do this, which is code-efficient for
this type of site:

$a = 0; // counter variable
$test_name_main = array(); // initialise so in_array() below never sees an undefined variable
$test_name_sub  = array();

// get all possible data
$result0 = mysql_query("SELECT sub_group_name, group_name FROM page_subgroup
                        WHERE sale_archive = '0';");
if (!$result0) {
    echo("<p>Error performing query: " . mysql_error() . "</p>");
    exit();
}

while ($row = mysql_fetch_array($result0, MYSQL_ASSOC)) {
    $test_name_main[$a] = html_entity_decode(urldecode($row['group_name']));     // build array
    $test_name_sub[$a]  = html_entity_decode(urldecode($row['sub_group_name'])); // build array
    $a++; // increment counter
}

// see if input data from URL is not real
if (!in_array($groupcode, $test_name_main) OR !in_array($subgroupcode, $test_name_sub)) {
    // if not real generate message and halt execution
    echo "Invalid data passed in URL - not proceeding for safety reasons";
    exit();
}
unset($test_name_sub);
unset($test_name_main); // clear arrays if proceeding.

Hope this might help someone else!

Phil
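The two checks Phil describes above (a strictly positive integer ident, and alphanumeric group codes whitelisted against the page_subgroup table), written as an added example that is not code from the thread. It binds the values with a prepared statement in place of the addslashes escaping suggested in the quoted reply, so an apostrophe in a parameter is carried as data rather than spliced into the query. Assumed, and not from the original: a PDO connection `$pdo` to the MySQL database holding page_subgroup, the URL parameter names `ident`, `groupcode` and `subgroupcode`, the function names, and the placeholder `some_table` / `id` in the final query.

```php
<?php
// Added example, not Phil's code from the thread. Assumes a PDO connection
// $pdo to the MySQL database holding page_subgroup (columns group_name,
// sub_group_name, sale_archive). Function names are the example's own.

// Returns the ident as an int, or false if it is not a plain positive integer.
// ctype_digit() rejects signs, whitespace, decimals and exponent forms such as
// "1e3", all of which is_numeric() accepts; the round-trip comparison also
// rejects leading zeros and values too large to fit in a PHP int.
function validIdent($raw)
{
    if (!is_string($raw) || $raw === '' || !ctype_digit($raw)) {
        return false;
    }
    $n = (int) $raw;
    return ($n > 0 && (string) $n === $raw) ? $n : false;
}

// Whitelists the (group, sub-group) pair against what the table actually holds.
// The values are bound, never concatenated into the SQL. Checking the pair in
// one query, rather than each column on its own as the thread's code does, also
// rejects a real group combined with a sub-group that belongs to another group.
function validGroupPair(PDO $pdo, $groupcode, $subgroupcode)
{
    if (!is_string($groupcode) || !is_string($subgroupcode)) {
        return false;
    }
    $stmt = $pdo->prepare(
        'SELECT COUNT(*) FROM page_subgroup
          WHERE group_name = ? AND sub_group_name = ? AND sale_archive = \'0\''
    );
    $stmt->execute(array($groupcode, $subgroupcode));
    return (int) $stmt->fetchColumn() > 0;
}

// Usage at the top of a page script (parameter names are assumed).
$ident = validIdent(isset($_GET['ident']) ? $_GET['ident'] : '');
if ($ident === false) {
    echo "Invalid data passed in URL - not proceeding for safety reasons";
    exit();
}

$groupcode    = isset($_GET['groupcode']) ? $_GET['groupcode'] : '';
$subgroupcode = isset($_GET['subgroupcode']) ? $_GET['subgroupcode'] : '';
if (!validGroupPair($pdo, $groupcode, $subgroupcode)) {
    echo "Invalid data passed in URL - not proceeding for safety reasons";
    exit();
}

// Even a validated integer is bound rather than concatenated; some_table and
// id are placeholders, not names from the thread.
$stmt = $pdo->prepare('SELECT * FROM some_table WHERE id = ?');
$stmt->execute(array($ident));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
```

The whitelist lookup replaces the thread's approach of loading every group name into a PHP array and calling in_array(): the database does the membership test, the result does not grow with the table, and the comparison uses the stored value exactly, so no urldecode()/html_entity_decode() step is needed on the way out of the database.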
