annoying seems simple problem???

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
josboogz
Forum Newbie
Posts: 12
Joined: Thu Feb 06, 2003 5:05 am

annoying seems simple problem???

Post by josboogz »

Hi all,

I have variables passed to page in the form of $checkbox0, $checkbox1, $checkbox2 etc, which are dynamically generated so i dont know how many will be recieved.

THe problem i have is i need to loop through the variables so want to contruct a loop that alters just the last bit of variable name one by one.

for($cnt = 0; $cnt < $size-1; $cnt++){
$temp = $checkbox.'{$cnt}';
$search = "SELECT * FROM prerequisites WHERE courseCode = ''$temp";
$sql7 = mysql_query($search);


This is what i have been trying but it doesnt work.

Anyone got any ideas,

Thanks for ur time,

Jos
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

If the form method is POST, this will declare all the POST'd vars:

foreach ($_POST as $key=>$value) {
$$key = addslashes($value);
}

Note that a hacker can create their own form and submit it to the file defined in your form action (browser view source gives them all the info they need). They could define any variable they like in the forged form in order to attempt variable substitution: everything in a forged form will be declared with the above code. If you had previously declared an $auth variable defining, say, a user access level, I think this could be overwritten with an admin access level if the hacker submits an $auth var in the form.

It would depend on the rest of the script whether you're exposed or not. If you declare $auth AFTER the above, your own, valid, value will over-write a forged value - or maybe you don't have anything there to over-write in the first place.

Also, if the POST vars are processed within a function, anything dodgy probably won't get a chance to escape out of the function's scope.

Maybe someone can come up with a more secure method - or tell me I'm wrong about all this.
Post Reply