Re: query_string test and strip.
PhilM wrote:
> "J.O. Aho" <user@example.net> wrote in message
> news:2tq9ctF22i48gU1@uni-berlin.de...
>
>>PhilM wrote:
>>
>>>Could someone give me the topics to look up on php.net, to be able to work
>>>out how to remove stuff added to a query_string?
>>>
>>>I wish to check $QUERY_STRING, and remove any user added extras.
>>
>>use explode() where & is the divider, then remove the index from the array
>>that you don't want to keep and then implode the rest of the array back.
>>
>>
>> //Aho
>
>
> so, if my url including $QUERY_STRING looks like
>
> /www.webhost/index.php?gallery&
>
> $test=explode('&',$QUERY_STRING);
> $QS=$test[0];
>
> and then use $QS to determine, thru a switch statement, which content to
> serve, would that be enough to prevent malicious/accidental fiddling?
>
> Or would I be better comparing $QUERY_STRING for known permissible values,
> and then setting and using $QS with the value detected?
>
> (it's late 4:10 am... sorry if this is a daft Q)
>
>
I guess picking out those statements that are allowed should be easiest, pick
them out from your $test and push them into $QS.
//Aho
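
The allowlist approach discussed in this thread, as an added example that is not part of either poster's message: the first token of the query string is compared against a fixed list of permitted page names, and the value used afterwards comes from that list rather than from the request. The function name `select_page`, the constants and the page names are hypothetical.

```php
<?php
// Added example, not code from the thread.
// The page names and the default are assumptions for illustration.
const ALLOWED_PAGES = ['home', 'gallery', 'contact'];
const DEFAULT_PAGE  = 'home';

/**
 * Map a raw query string to one of the known page names.
 * Anything that is not on the allowlist yields the default page.
 */
function select_page(string $queryString): string
{
    // Keep only the first '&'-separated token; user-added extras are dropped.
    $first = explode('&', $queryString, 2)[0];

    // Tolerate "gallery=" or "gallery=1" by discarding any value part.
    $name = explode('=', $first, 2)[0];

    // Compare the decoded form, so "%67allery" is judged as "gallery".
    $name = rawurldecode($name);

    // Strict, case-sensitive lookup. The returned string is taken from
    // the allowlist itself, never from the request.
    $idx = array_search($name, ALLOWED_PAGES, true);
    return $idx === false ? DEFAULT_PAGE : ALLOWED_PAGES[$idx];
}

// Constructed sample inputs. In a live request the input would be
// $_SERVER['QUERY_STRING'] rather than the register_globals $QUERY_STRING.
$samples = ['gallery&', 'gallery&admin=1', 'contact=1&x', '',
            '../secret', 'Gallery', '%67allery'];

foreach ($samples as $qs) {
    printf("%-20s => %s\n", var_export($qs, true), select_page($qs));
}

// The result can then drive the switch statement safely:
switch (select_page('gallery&')) {
    case 'gallery': echo "serve gallery\n"; break;
    case 'contact': echo "serve contact\n"; break;
    default:        echo "serve home\n";
}
```

Taking `$test[0]` alone only discards the extra parameters; the lookup against known values is what keeps an unexpected first token from reaching the code that chooses the content.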