Let me tell you the page first.
http://www.celik-ticaret.net/?page=projects (A trash website I use to test my codes)
As you can see, it contains a form with an option like:
Code: Select all
<select name="year">
<option value="1">Any year</option>
<option value="2000">2000</option>
<option value="2001">2001</option>
...
</select>
<select name="city">
<option value="any">Any city</option>
<option value="cityA">City A</option>
<option value="cityB">City B</option>
...
</select>[Code: Select all
function clrInput ()
{
//SQL Injection preventation
}
$city = clrInput($_POST['city']);
$year = intval(clrInput($_POST['year']);
/* NO OTHER CONTROLS HERE --- THAT'S WHAT I AM ASKING */
//Prepare our query -- Looks very vulnerable!
query(SELECT * FROM TABLE_NAME
WHERE City = $city AND
Year = $year);
Code: Select all
<select name="city">
<option value="UNION DROP TABLE TABLE_NAME">Any year</option>
</select>
Code: Select all
SELECT * FROM TABLE_NAME
WHERE City = NULL
UNION
DROP TABLE TABLE_NAMEWhat kind of protections should I do on such pages? Doublecheck every option input in an array and die if it doesn't match?
Open for ideas.