test question for PHP programmers

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

mayafishing
Forum Newbie
Posts: 1
Joined: Mon Jul 16, 2007 8:22 pm

test question for PHP programmers

Post by mayafishing »

Hi everyone, I got this question when applying for a PHP programmer position.


Question:

Check out the following code and make suggestions on how to improve it based on concerns from Security, Compatibility and Efficiency:

<?
echo("<p>The characters you have input are: " .$_GET['q'] . ".</p>");
?>


Anyone up to the challenge?
Chalks
Forum Contributor
Posts: 447
Joined: Thu Jul 12, 2007 7:55 am
Location: Indiana

Post by Chalks »

Well, using $_GET puts the data in the address bar, so... probably not too safe for passwords and such. As for efficiency, I generally assign a $_GET or $_POST variable to a different variable so that I don't keep having to type the whole long thing. Also I'm not sure, but I'm guessing that every time you use the $_GET key, it has to go and pull that variable again (maybe not... I don't know, verification please?), basically, I treat it like a function that I only want to call once, not 50 times. Also also, I'm not sure if this is an issue or not (yes, I'm new to PHP), but if I typed "<? code ?>", I would feel bad for not typing the php in there. :(
GuitarheadCA
Forum Newbie
Posts: 20
Joined: Fri Jul 13, 2007 12:59 am

Post by GuitarheadCA »

I would surround the value with the htmlspecialchars() function. This would prevent any cross-site scripting. Thus if a user typed in any tags or Javascript, it would not be executed, but rather it would be displayed.
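As an added example that is not part of the original thread and not any poster's code: the snippet from the question rewritten along the lines GuitarheadCA (htmlspecialchars() against XSS) and Chalks (read the superglobal once, use the full open tag) suggest, with a command-line demonstration on constructed inputs. It assumes PHP 7.1 or later; the function name render_input_paragraph is invented for the example.

```php
<?php
// Added example, not from the original thread. Assumes PHP 7.1+.
// The snippet from the question, for comparison, was:
//   <? echo("<p>The characters you have input are: " .$_GET['q'] . ".</p>"); ?>

declare(strict_types=1);

/**
 * Build the paragraph safely.
 *
 * Security:      the raw value is escaped with htmlspecialchars(), so any tags
 *                or script a user submits are rendered as text, not executed.
 *                ENT_QUOTES escapes both quote styles, so the same helper is
 *                also safe inside attribute values; the explicit UTF-8 charset
 *                keeps the escaper and the page encoding in agreement.
 * Compatibility: full "<?php" open tag (short_open_tag is often disabled), and
 *                a missing or non-string "q" is handled instead of emitting a
 *                notice or the literal word "Array".
 * Efficiency:    the superglobal is read once into a local variable. $_GET is
 *                an ordinary array, so repeated reads would only be array
 *                lookups, but reading it once keeps the validation in one place.
 */
function render_input_paragraph(?string $raw): string
{
    $safe = htmlspecialchars($raw ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>The characters you have input are: ' . $safe . '.</p>';
}

// Web use: validate the superglobal once, declare the charset, output.
if (PHP_SAPI !== 'cli') {
    $q = (isset($_GET['q']) && is_string($_GET['q'])) ? $_GET['q'] : null;
    header('Content-Type: text/html; charset=UTF-8');
    echo render_input_paragraph($q);
    exit;
}

// Command-line demonstration on constructed inputs; no web server needed.
$samples = [
    ['hello',                         'plain text passes through unchanged'],
    ['<script>alert("xss")</script>', 'tags are shown as text, not run'],
    ['" onmouseover="x',              'both quote styles are escaped (ENT_QUOTES)'],
    [null,                            'missing q parameter: empty value, no notice'],
];
foreach ($samples as [$input, $why]) {
    printf("%-34s -> %s\n", var_export($input, true), render_input_paragraph($input));
    echo '    (' . $why . ")\n";
}
```

Run it from the command line to see each constructed input beside its escaped output; served through a web server, the same file answers ?q=... requests with the escaped paragraph. The ENT_SUBSTITUTE flag makes htmlspecialchars() replace invalid UTF-8 sequences instead of returning an empty string, which is the behaviour you want on untrusted input.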
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Test answer: We won't do your homework.

We talk about your question quite often. XSS is a starting point.