How hard would it be to use javascript in a PM

davidprogramer
Forum Commoner
Posts: 64
Joined: Mon Nov 28, 2005 6:11 pm

Post by davidprogramer »

Well. I am having a little trouble here because users can easily change the variables sent in a PM (the globals in a link which puts them in a clan or sends a reject). So I was wondering. With JavaScript it would make it harder. How hard (or is it even possible) to put JavaScript links in a PM?
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

8O
davidprogramer
Forum Commoner
Posts: 64
Joined: Mon Nov 28, 2005 6:11 pm

Post by davidprogramer »

lol does that mean "REALLY EFFIN HARD MAN" or a "ARE YOU RETARDED?"
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

It means you need to validate, filter and escape your input and variables. (in PHP, not javascript.)

Check that your variables contain what they are allowed to contain before you use them and remember, do not trust any user input.
davidprogramer
Forum Commoner
Posts: 64
Joined: Mon Nov 28, 2005 6:11 pm

Post by davidprogramer »

"do not trust any user input."
I have to. What I am trying to do is put up brick walls so that it stops the user from being naughty.
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

which you must do in your PHP code as JavaScript is anything but secure. :)
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

JS can be used heavily in a client/server model (AJAX) but that's advanced stuff compared to a simple PHP processing class/function.

And no. You do not "have to" trust user input. NEVER TRUST IT :!:

Sure, your users might not be out to do something bad, but I bet any money if a hacker did a security scan on your site looking for faults in the system and discovered you had a leak in your security, they would abuse that to no end.

Never trust user input.
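
The server-side checks recommended in this thread, as an added example that is not from any of the posters: a handler for an accept/reject clan-invite link that validates the action, filters the clan id, and authorizes against invites stored on the server. The function name, parameter names and the in-memory invite list are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: pending invites as [user_id => [clan_id, ...]].
// Assumption: a real application would look these up in its database.
$pendingInvites = [42 => [7, 9]];

/**
 * Handle a clan-invite link server-side (hypothetical helper).
 * $query stands in for $_GET; $sessionUserId comes from the session,
 * never from the link. Returns a message that is safe to print in HTML.
 */
function handleInviteAction(array $query, int $sessionUserId, array $pendingInvites): string
{
    // 1. Validate: the action must be one of the values we allow.
    $action = $query['action'] ?? '';
    if (!in_array($action, ['accept', 'reject'], true)) {
        return 'Invalid action.';
    }

    // 2. Filter: clan_id must be a positive integer and nothing else.
    $clanId = filter_var(
        $query['clan_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($clanId === false) {
        return 'Invalid clan.';
    }

    // 3. Authorize: the clan must match an invite actually sent to this user,
    //    so editing the id in the link cannot join an arbitrary clan.
    if (!in_array($clanId, $pendingInvites[$sessionUserId] ?? [], true)) {
        return 'No pending invite for that clan.';
    }

    // 4. Escape anything echoed back into the page.
    return htmlspecialchars("Clan $clanId invite {$action}ed.", ENT_QUOTES, 'UTF-8');
}

// Constructed requests for user 42: the link as sent, then two edited copies.
echo handleInviteAction(['action' => 'accept', 'clan_id' => '7'], 42, $pendingInvites), "\n";
echo handleInviteAction(['action' => 'accept', 'clan_id' => '1'], 42, $pendingInvites), "\n";
echo handleInviteAction(['action' => 'promote', 'clan_id' => '7'], 42, $pendingInvites), "\n";
```

Only the first request succeeds; the edited links are rejected because the decision rests on data held by the server, not on what the link claims.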