one function for all security threats?
Is there a function which I can pass a variable through which will remove security threats etc.? If not, can someone point me in the right direction for this.
Thanks
yea it's awesome_magical_super_wonder_function()
Here's a good place to start: viewtopic.php?t=29269
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
No ... I mean how do you want to use the value. For example, there are cases where you don't need to do anything like:

    if ($_GET['blah'] == '1') {
        // the value is only compared, never output or stored
    }

But if you want to echo the value then:

    echo htmlentities($_GET['blah']);

Or to save in a MySQL database:

    $sql = "UPDATE mytable SET blah='" . mysql_real_escape_string($_GET['blah']) . "' WHERE id=$id";
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
in_array() and array_search() may be of interest.
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
> anyone got any pieces of code which I can try and inject into my site?

http://ha.ckers.org/xss.html (site's down at the moment, check tomorrow)

However, you'll be hard-pressed to get them to work unless you understand the underlying issues.
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
benyboi wrote:
> That made me think tho, I will use a case statement and have all the page names in there and if the user puts in something bad the value won't do anything harmful!

Short answer -- No. Short suggestion -- Stop.

Your security features need to be a structural part of the various parts of your code: request, response, database, etc. Some super-function with a big case statement in it is like a big neon sign flashing: wrong, wrong, wrong.
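The replies above come down to one rule: there is no single cleaning function, because the right treatment depends on where the value ends up. The following is an added example written for this thread, not code posted by any of the participants; it puts Christopher's three cases (compare, echo, store) and feyd's in_array() whitelist side by side. The page list, the `$pdo` PDO connection and the sample input are assumptions, and the SQL case uses a prepared statement in place of the thread's mysql_real_escape_string().

```php
<?php
// Added example: same input value, different handling per sink.
// Assumed: $input is a $_GET-style array, $pdo is an open PDO connection.

// Request context (feyd's hint): validate a page name against a fixed
// whitelist with strict in_array(), instead of a big case statement.
function allowed_page(array $input): ?string
{
    $pages = ['home', 'about', 'contact'];          // assumed page list
    $page  = $input['page'] ?? 'home';
    return in_array($page, $pages, true) ? $page : null;
}

// Comparison context: the value is only compared, it never reaches a sink,
// so no escaping is required (Christopher's first case).
function is_enabled(array $input): bool
{
    return ($input['blah'] ?? '') === '1';
}

// Response context: encode for HTML at output time, quotes included,
// with an explicit charset (Christopher's htmlentities() case).
function render_value(array $input): string
{
    return htmlentities($input['blah'] ?? '', ENT_QUOTES, 'UTF-8');
}

// Database context: bind the value as a parameter so it can never be
// parsed as SQL; this replaces escaping it into the query string.
function update_value(PDO $pdo, array $input, int $id): bool
{
    $stmt = $pdo->prepare('UPDATE mytable SET blah = :blah WHERE id = :id');
    return $stmt->execute([':blah' => $input['blah'] ?? '', ':id' => $id]);
}

// Constructed sample input, not a real request.
$input = ['page' => 'about', 'blah' => '<b>1</b> & "quoted"'];

var_dump(allowed_page($input));                      // accepted page name
var_dump(allowed_page(['page' => 'nonexistent']));   // rejected: null
var_dump(is_enabled($input));                        // plain comparison
echo render_value($input), "\n";                     // HTML-safe output
// update_value($pdo, $input, 42) would run the bound UPDATE against $pdo.
```

The same `$input['blah']` is left alone, HTML-encoded, or parameter-bound depending on the sink, which is the structural approach Christopher describes rather than one function applied on the way in.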