
annoying seems simple problem???

Posted: Sun Mar 16, 2003 3:33 pm
by josboogz
Hi all,

I have variables passed to the page in the form of $checkbox0, $checkbox1, $checkbox2 etc., which are dynamically generated, so I don't know how many will be received.

The problem I have is I need to loop through the variables, so I want to construct a loop that alters just the last bit of the variable name one by one.

for($cnt = 0; $cnt < $size-1; $cnt++){
$temp = $checkbox.'{$cnt}';
$search = "SELECT * FROM prerequisites WHERE courseCode = ''$temp";
$sql7 = mysql_query($search);


This is what I have been trying but it doesn't work.

Anyone got any ideas,

Thanks for your time,

Jos

Posted: Sun Mar 16, 2003 4:01 pm
by McGruff
If the form method is POST, this will declare all the POST'd vars:

foreach ($_POST as $key=>$value) {
$$key = addslashes($value);
}

Note that a hacker can create their own form and submit it to the file defined in your form action (browser view source gives them all the info they need). They could define any variable they like in the forged form in order to attempt variable substitution: everything in a forged form will be declared with the above code. If you had previously declared an $auth variable defining, say, a user access level, I think this could be overwritten with an admin access level if the hacker submits an $auth var in the form.

It would depend on the rest of the script whether you're exposed or not. If you declare $auth AFTER the above, your own, valid, value will over-write a forged value - or maybe you don't have anything there to over-write in the first place.

Also, if the POST vars are processed within a function, anything dodgy probably won't get a chance to escape out of the function's scope.

Maybe someone can come up with a more secure method - or tell me I'm wrong about all this.
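
An added example, not part of the thread: one way to loop over the checkboxN fields without declaring any variables from the request, so a forged field such as auth has nothing to overwrite, with the query value bound as a parameter. It assumes PDO with an in-memory SQLite database standing in for the thread's MySQL one; the $post array, the collect_checkboxes() helper and the requires column are constructed for illustration.

```php
<?php
// Constructed sample input standing in for $_POST: three checkbox fields
// plus a forged "auth" field added to a hand-made copy of the form.
$post = [
    'checkbox0' => 'CS101',
    'checkbox1' => "MA200' OR '1'='1",
    'checkbox2' => 'PH150',
    'auth'      => 'admin',
];

$auth = 'student'; // set by the application before the form is handled

// Hypothetical helper: keep only fields named checkbox<N>, indexed by N.
// Nothing from the request is turned into a variable, so no name the
// sender chooses can collide with one the script already uses.
function collect_checkboxes(array $input): array
{
    $codes = [];
    foreach ($input as $key => $value) {
        // is_string($value) drops array-valued fields such as checkbox0[]=x
        if (is_string($key) && is_string($value)
            && preg_match('/^checkbox(\d+)$/', $key, $m)) {
            $codes[(int) $m[1]] = $value;
        }
    }
    ksort($codes);
    return $codes;
}

// Assumption: in-memory SQLite replaces the MySQL database from the thread.
// Table and courseCode column are from the post; "requires" is made up.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE prerequisites (courseCode TEXT, requires TEXT)');
$db->exec("INSERT INTO prerequisites VALUES ('CS101', 'none'), ('PH150', 'MA100')");

// The submitted value is bound, so any quotes in it are data, not SQL.
$stmt = $db->prepare('SELECT requires FROM prerequisites WHERE courseCode = ?');

foreach (collect_checkboxes($post) as $n => $code) {
    $stmt->execute([$code]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    printf("checkbox%d: %d row(s)\n", $n, count($rows));
}

echo "auth is still: $auth\n";
```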