pagination security problems

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

kkonline
Forum Contributor
Posts: 251
Joined: Thu Aug 16, 2007 12:54 am

pagination security problems

Post by kkonline »

Below is an extract of my pagination script.
If ?page=123 then $page=123 and it's OK.
But when I write ?page=<---something else---> it should print "invalid query",
but it just gives me a blank page.

What should I do so that only a number is valid, to prevent security attacks?
And if ?page=34.365 then it should also be invalid.

Code:

if (!isset($_GET['page'])) {
    $page = 1;
} else {
    if (is_numeric($_GET['page'])) {
        $page = trim(mysql_real_escape_string($_GET['page']));
    } else {
        echo "invalid query";
        exit;
    }
}
mikesmith76
Forum Commoner
Posts: 34
Joined: Fri Aug 25, 2006 7:10 am
Location: Manchester, UK

Post by mikesmith76 »

Using ctype_digit() instead of is_numeric() should stop your ?page=34.365 problem.
Defkon1
Forum Newbie
Posts: 19
Joined: Thu Aug 09, 2007 9:13 am

Post by Defkon1 »

Code:

<?php
is_numeric(34.365);   // always true
is_numeric('34.365'); // always true
?>
Try to use intval() (to convert it to int) or ctype_digit() instead of is_numeric().
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Post by matthijs »

You could also cast it to an integer:

Code:

$page = (int)$_GET['page'];
Or use a whitelist approach:

Code:

$pages = array(1, 2, 3, 4, 5);
if (isset($_GET['page']) && in_array($_GET['page'], $pages)) {
  // requested page valid
} else {
  // invalid
}
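The replies above propose four different checks (is_numeric, ctype_digit, an (int) cast, and a whitelist). The following is an added example, not code posted by anyone in this thread, that runs them side by side on constructed sample values of ?page= so the differences are visible, and finishes with a validator that combines a digits-only check with a range check. The page limit of 50, the whitelist contents and the sample values are assumptions for the demonstration.

```php
<?php
// Added example for this thread (not code posted by any of the participants).
// Runs the approaches suggested above side by side on constructed sample
// values of ?page= and ends with a validator that combines them with a range
// check. The page limit (50) and the whitelist are assumptions for the demo.

/**
 * Strict page validator: only an unsigned ASCII-digit string is accepted,
 * and the result is bounded to 1..$maxPage. Returns null on rejection.
 */
function validate_page($raw, int $maxPage): ?int
{
    if ($raw === null) {
        return 1;                        // ?page absent: default to the first page
    }
    // ?page[]=1 arrives as an array, so check the type first. ctype_digit()
    // rejects "", signs, decimals, exponents and whitespace, which
    // filter_var() alone would let through for " 12" or "+12".
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    $page = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $maxPage],
    ]);
    // "0", leading zeros such as "007" and anything above $maxPage fail here.
    return $page === false ? null : $page;
}

/** Whitelist variant: strict comparison against strings, since $_GET holds strings. */
function page_in_whitelist($raw, array $allowed): bool
{
    return is_string($raw) && in_array($raw, $allowed, true);
}

// Constructed sample inputs covering the cases raised in the thread.
$samples = ['3', '123', '34.365', 'abc', '-1', '0', '1e3', ' 12', '007', '1abc', ''];
$allowed = ['1', '2', '3', '4', '5'];

printf("%-9s %-11s %-12s %-6s %-10s %s\n",
    'input', 'is_numeric', 'ctype_digit', '(int)', 'whitelist', 'validate_page(50)');
foreach ($samples as $s) {
    printf("%-9s %-11s %-12s %-6s %-10s %s\n",
        var_export($s, true),
        var_export(is_numeric($s), true),   // accepts "34.365", "-1", "1e3", " 12"
        var_export(ctype_digit($s), true),  // rejects signs, decimals, exponents, whitespace and ""
        (int) $s,                           // silently turns "abc" into 0 and "1e3" into 1000 (PHP 7.1+)
        var_export(page_in_whitelist($s, $allowed), true),
        var_export(validate_page($s, 50), true));
}

// How the script from the first post would use the validator.
$page = validate_page($_GET['page'] ?? null, 50);
if ($page === null) {
    http_response_code(400);
    echo "invalid query";
    exit;
}
$offset = ($page - 1) * 20;   // $page is now an int in 1..50, safe for LIMIT arithmetic
echo "page $page, offset $offset\n";
```

Run it with `php file.php`; on the command line $_GET is empty, so the last block falls through to page 1. The table shows why the thread converged on ctype_digit(): is_numeric() accepts decimals, signs, exponents and leading whitespace, and the (int) cast never rejects anything, it just produces 0 for garbage. The combined validator goes one step further than the replies by also bounding the page number, so a request for a page that does not exist is rejected instead of producing an empty result set.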