If you have a code like this:
Code: Select all
<?php
$some_value = $_GET['some_field'];
switch($some_value) {
case 1:
// do something
break;
case 2:
// do something else
break;
}
exit;
?>The question is: is there a security issue because the $_GET['some_field'] isn't validated before the switch?
He says yes but isnt able to tell me why so I am asking here if you see a possible security issue with this code.