PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
PostPosted: Thu Oct 11, 2012 11:34 am 
Forum Newbie

Joined: Wed Oct 10, 2012 4:00 pm
Posts: 6
I created a function to verify user input to avoid injection. This input adds an item to a cart. Due to the way the catalog is set up, I am evaluating a 2D array. The interior arrays only contain one item each. The items contained in each interior array are what will be evaluated. That is where the user input is stored and it should only be positive unsigned integers or strings of integers.

My question is, can you see any exploitable weaknesses in this function?

    function validNum($array){
        if (!empty($array)) {
            foreach($array as $product){
                if(!ctype_digit($product[0])){
                    return false;
                }
                else{
                    $product[0] = (int)$product[0];
                }
                return $array;
            }
        }
    }


Thank you in advance for your consideration.


PostPosted: Thu Oct 11, 2012 12:58 pm 
Site Administrator

Joined: Wed Aug 25, 2004 7:54 pm
Posts: 13592
Location: New York, NY, US
Looks ok, though you are using a foreach but only looping through once. Is that because you don't know the key? And you are assigning to $product, but it appears to be a local variable?

Maybe something like:
    function validNum($array){
        if (!empty($array)) {
            $product = current($array);
            if(!ctype_digit($product[0])){
                return false;
            } else{
                return (int)$product[0];
            }
        }
        // note: no return statement will return null
    }

 
PostPosted: Thu Oct 11, 2012 2:49 pm 
Forum Newbie

Joined: Wed Oct 10, 2012 4:00 pm
Posts: 6
Alright, I see what you are saying. I shifted some things around.

I am more concerned about the risk of injection than anything at this particular moment. I am still troubleshooting my code and am wondering if this method of checking it is sufficient to protect my client from a malicious attack from a particular user input field.

    function validNum($array){
        if (!empty($array)) {
            foreach($array as $product){
                if(!ctype_digit($product[0])){
                    return FALSE;
                }
            }
            return TRUE;
        }
        else {
            return FALSE;
        }
    }


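An added example, written here and not taken from the poster or the forum, of what the TRUE/FALSE digit check above buys you against injection and what it does not: the validated values still have to reach the database as bound integers rather than concatenated text. It walks the same 2D cart shape, returns the normalised ints or null, and feeds them to a prepared statement. The products table, its columns and the in-memory SQLite database are assumptions made for the example; the cart inputs are constructed.

```php
<?php
// Added example (not from the thread): validate a cart array whose inner arrays
// hold one user-supplied value each, normalise the values to ints, and use them
// only through a prepared statement with an integer-bound parameter.
// Table name, column names and the in-memory SQLite database are assumptions.

declare(strict_types=1);

/**
 * Return the validated product IDs as ints, or null if any entry is not a
 * string of decimal digits. Rejects signs, spaces, decimals and SQL fragments.
 */
function validNum(array $array): ?array
{
    if ($array === []) {
        return null;
    }
    $ids = [];
    foreach ($array as $product) {
        $value = $product[0] ?? null;
        // Query-string tricks like ?item[][]=1 deliver nested arrays, not strings.
        // Cast ints to string first: ctype_digit() given an int in -128..255 treats
        // it as an ASCII code (deprecated in PHP 8.1), so ctype_digit(5) is false.
        if (!is_string($value) && !is_int($value)) {
            return null;
        }
        $value = (string) $value;
        if (!ctype_digit($value)) {
            return null;
        }
        $ids[] = (int) $value;
    }
    return $ids;
}

/** Look up products by id through a bound integer parameter; no string concatenation. */
function fetchProducts(PDO $db, array $ids): array
{
    $stmt = $db->prepare('SELECT id, name FROM products WHERE id = :id');
    $rows = [];
    foreach ($ids as $id) {
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $rows = array_merge($rows, $stmt->fetchAll(PDO::FETCH_ASSOC));
    }
    return $rows;
}

// Constructed catalogue in an in-memory SQLite database (assumes the pdo_sqlite driver).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO products VALUES (1, 'widget'), (2, 'gadget'), (7, 'gizmo')");

// Constructed inputs in the poster's 2D shape: each inner array holds one value.
$cases = [
    'clean'     => [['1'], ['007'], ['2']],
    'injection' => [['1'], ['1 OR 1=1']],
    'negative'  => [['-1']],
    'decimal'   => [['1.0']],
    'empty'     => [['']],
    'nested'    => [[['1']]],
];
foreach ($cases as $label => $cart) {
    $ids = validNum($cart);
    if ($ids === null) {
        echo "$label: rejected\n";
        continue;
    }
    $names = array_column(fetchProducts($db, $ids), 'name');
    echo "$label: ids=" . implode(',', $ids) . ' -> ' . implode(',', $names) . "\n";
}
```

Only the "clean" cart reaches the query; every other case is rejected before any SQL is built. The point of the bound PDO::PARAM_INT parameter is that even if the digit check were ever bypassed, the value could not change the shape of the statement.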
PostPosted: Thu Oct 11, 2012 4:06 pm 
Site Administrator

Joined: Wed Aug 25, 2004 7:54 pm
Posts: 13592
Location: New York, NY, US
You can do the same thing with regular expressions. I prefer them. You can easily check any set of characters you want to allow, and all the checks are just regex character sets.
    // validate character set
    if (!preg_match('/[^0-9]/', $parameter)) {
        echo 'valid';
    } else {
        echo 'invalid';
    }

    // filter value
    $parameter = preg_replace('/[^0-9]/', '', $parameter);

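As an added example (mine, not from the post), the common "digits only" checks side by side on constructed edge cases. Two caveats a practitioner would want: the negated-class check in the post treats the empty string as valid, because there is no non-digit to find, and an anchored "/^[0-9]+$/" accepts a trailing newline, because PCRE's $ also matches just before a final newline unless the D modifier or \z is used. The preg_replace filter rewrites bad input instead of rejecting it. Assumes PHP 7.1 or later.

```php
<?php
// Added example (not from the thread): compare "digits only" checks on edge cases.
// All inputs are constructed.

declare(strict_types=1);

/** The negated-class test from the post: "valid" means no non-digit was found. */
function noNonDigit(string $s): bool
{
    return !preg_match('/[^0-9]/', $s);
}

/** Anchored with $: PCRE's $ also matches just before a final "\n". */
function anchoredDollar(string $s): bool
{
    return (bool) preg_match('/^[0-9]+$/', $s);
}

/** Anchored with \z (absolute end of subject); the D modifier on $ is equivalent. */
function anchoredZ(string $s): bool
{
    return (bool) preg_match('/^[0-9]+\z/', $s);
}

/** The filter from the post: strips rather than rejects, so bad input is silently altered. */
function stripNonDigits(string $s): string
{
    return preg_replace('/[^0-9]/', '', $s);
}

$inputs = ['42', '', "42\n", '4 2', '1 OR 1=1', '-1'];

printf("%-12s %-7s %-11s %-10s %-10s %s\n",
    'input', 'ctype', 'noNonDigit', 'anchored$', 'anchored\z', 'stripped');
foreach ($inputs as $in) {
    printf("%-12s %-7s %-11s %-10s %-10s %s\n",
        json_encode($in),                        // shows the newline and the empty string
        var_export(ctype_digit($in), true),
        var_export(noNonDigit($in), true),
        var_export(anchoredDollar($in), true),
        var_export(anchoredZ($in), true),
        json_encode(stripNonDigits($in)));
}
```

Run it and read the rows for the empty string and for "42\n": ctype_digit() and the \z-anchored pattern reject both, the negated-class check passes the empty string, and the $-anchored pattern passes the trailing newline. For an allow-list check, reject and stop; stripping is for display, not for deciding whether a value is acceptable.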
PostPosted: Thu Oct 11, 2012 5:47 pm 
Spammer :|

Joined: Wed Oct 15, 2008 2:35 am
Posts: 6617
Location: WA, USA
Regular expressions are great and all but when there's a built-in function that does exactly what you need then it's better to use that. Regexes are expensive.


PostPosted: Sat Oct 13, 2012 9:16 am 
DevNet Resident

Joined: Wed Apr 01, 2009 1:31 pm
Posts: 1532
Also consider that the largest 32-bit unsigned integer is 4294967295 (10 characters), and the largest 64-bit unsigned integer is 18446744073709551615 (20 characters).


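An added example (not from the thread) that acts on the size limits above: ctype_digit() happily passes a 23-digit string, so the value is bounded against the integer type it will be stored in before it is cast. The comparison is done on canonical decimal strings, so nothing can overflow during the check itself. Using a signed 32-bit column limit as one of the bounds is an assumption; the inputs are constructed.

```php
<?php
// Added example (not from the thread): ctype_digit() accepts digit strings of any
// length, so bound the value to the integer type that will hold it before casting.
// The 32-bit column limit is an assumption; the inputs are constructed.

declare(strict_types=1);

/**
 * Convert a string of decimal digits to an int no larger than $max, or return null.
 * Leading zeros are dropped first; same-length decimal strings order numerically
 * under strcmp(), so the bound is checked without ever producing an out-of-range int.
 */
function toBoundedInt(string $s, int $max = PHP_INT_MAX): ?int
{
    if (!ctype_digit($s)) {
        return null;
    }
    $canonical = ltrim($s, '0');
    if ($canonical === '') {
        $canonical = '0';
    }
    $maxStr = (string) $max;
    $len = strlen($canonical);
    $maxLen = strlen($maxStr);
    if ($len > $maxLen || ($len === $maxLen && strcmp($canonical, $maxStr) > 0)) {
        return null;
    }
    return (int) $canonical;
}

$inputs = [
    '42',
    '0000000042',
    '2147483647',              // signed 32-bit max (e.g. a MySQL INT column)
    '4294967295',              // unsigned 32-bit max
    '9223372036854775807',     // PHP_INT_MAX on 64-bit builds
    '18446744073709551615',    // unsigned 64-bit max
    '99999999999999999999999',
];

printf("%-26s %-21s %-12s %s\n", 'input', '(int) cast', 'bounded32', 'bounded64');
foreach ($inputs as $in) {
    printf("%-26s %-21s %-12s %s\n",
        $in,
        var_export((int) $in, true),                     // the cast never rejects out-of-range input
        var_export(toBoundedInt($in, 2147483647), true), // assumed column limit
        var_export(toBoundedInt($in), true));
}
```

The "(int) cast" column is the behaviour the posted validators rely on: a bare cast turns an oversized digit string into some in-range number instead of failing, which is exactly what a range check is meant to prevent. If you would rather use a built-in, filter_var() with FILTER_VALIDATE_INT and the "min_range" / "max_range" options does the same job, but note it rejects leading zeros such as "007" that ctype_digit() accepts.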