query_string test and strip.
This is a discussion on query_string test and strip. within the alt.comp.lang.php forums, part of the PHP Programming Forums category; Could someone give me the topics to look up on php.net, to be able to work out how to ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
10-21-2004
|
|||
|
|||
Re: query_string test and strip.
PhilM wrote:
> Could someone give me the topics to look up on php.net, to be able to work > out how to remove stuff added to a query_string? > > I wish to check $QUERY_STRING, and remove any user added extras. use explode() where & is the divider, then remove the index from the array that you don't want to keep and the implode the rest of the array back. //Aho 
|
|
10-21-2004
|
|||
|
|||
|
Re: query_string test and strip.
"J.O. Aho" <user@example.net> wrote in message news:2tq9ctF22i48gU1@uni-berlin.de... > PhilM wrote: > > Could someone give me the topics to look up on php.net, to be able to work > > out how to remove stuff added to a query_string? > > > > I wish to check $QUERY_STRING, and remove any user added extras. > > use explode() where & is the divider, then remove the index from the array > that you don't want to keep and the implode the rest of the array back. > > > //Aho so, if my url including $QUERY_STRING looks like /www.webhost/index.php?gallery& $test=explode('&',$QUERY_STRING); $QS=$test[0]; and then use $QS to determine, thru a switch statement, which content to serve, would that be enough to prevent malicious/accidental fiddling? Or would I be better comparing $QUERY_STRING for known permissible values, and then setting and using $QS with the value detected? (it's late 4:10 am... sorry if this is a daft Q)
|
|
10-22-2004
|
|||
|
|||
|
Re: query_string test and strip.
PhilM wrote:
> "J.O. Aho" <user@example.net> wrote in message > news:2tq9ctF22i48gU1@uni-berlin.de... > >>PhilM wrote: >> >>>Could someone give me the topics to look up on php.net, to be able to > > work > >>>out how to remove stuff added to a query_string? >>> >>>I wish to check $QUERY_STRING, and remove any user added extras. >> >>use explode() where & is the divider, then remove the index from the array >>that you don't want to keep and the implode the rest of the array back. >> >> >> //Aho > > > so, if my url including $QUERY_STRING looks like > > /www.webhost/index.php?gallery& > > $test=explode('&',$QUERY_STRING); > $QS=$test[0]; > > and then use $QS to determine, thru a switch statement, which content to > serve, would that be enough to prevent malicious/accidental fiddling? > > Or would I be better comparing $QUERY_STRING for known permissible values, > and then setting and using $QS with the value detected? > > (it's late 4:10 am... sorry if this is a daft Q) > > I guess picking out those statements that are allowed should be easiest, pick them out from your $test and push them into $QS. //Aho
|
Linear Mode
