Input validation for a switch needed?
Posted: Tue Nov 03, 2009 3:20 am
I have gotten into an endless argument with a friend about a theoretical security issue and input validation.
If you have a code like this:
The $some_value is used nowhere else in the code. If nothing in the switch matches the script ends.
The question is: is there a security issue because the $_GET['some_field'] isn't validated before the switch?
He says yes but isnt able to tell me why so I am asking here if you see a possible security issue with this code.
If you have a code like this:
Code: Select all
<?php
$some_value = $_GET['some_field'];
switch($some_value) {
case 1:
// do something
break;
case 2:
// do something else
break;
}
exit;
?>The question is: is there a security issue because the $_GET['some_field'] isn't validated before the switch?
He says yes but isnt able to tell me why so I am asking here if you see a possible security issue with this code.