09-06-2007, 11:44 PM
|
#4 (permalink)
|
|
La Vida es Sueño
Join Date: Sep 2007
Location: Oldham
Posts: 2,215
Thanks: 90
|
Just to elaborate on Bluesaga's point about the automatic typecasting. I wrote a function earlier to automatically extract the prefix from GET, POST, COOKIE and SESSION arrays. You can then enforce the types how you wish - automatically.
It's common knowledge that most sites are hacked because a user is allowed to set the values of GET and POST (And less so COOKIE) to whatever they desire and thus causing all sorts of problems such as SQL injection attacks.
PHP Code:
function getPrefix($szPointer)
{
$aVariable = str_split($szPointer);
$szPrefix = '';
foreach($aVariable as $szVariable)
{
$szOrd = ord($szVariable);
if($szOrd >= 65 && $szOrd <= 90)
{
break;
}
$szPrefix .= $szVariable;
}
return $szPrefix;
}
This function will return the prefix. I would use it the following scenario:
PHP Code:
function g($szPointer)
{
$szValue = $_GET[$szPointer];
switch(getPrefix($szPointer))
{
/* Code Typecasting */
}
}
The switch will contain the array pointer's prefix, such as sz or i. I would recommend then using the CTYPE_* functions.
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
|
|
|