[lug] Safely Parsing PHP Parameters
Bill Thoen
bthoen at gisnet.com
Wed Oct 10 14:13:49 MDT 2007
Zan Lynx wrote:
> And I think forcing the conversion to int will make your code safe
> enough. As long as no one can do a ?essay=../../../../../etc/passwd or
> anything like it.
>
That's exactly the sort of thing I'm worried about. How in the world
would a hacker get anything useful with a trick like this? I never
display the parameter value (except as an integer, and only if it's in
the correct range). Does shoving the contents of the passwd file turn it
into global variables or something?
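The risk Zan Lynx points at is not that the parameter value gets displayed but that it gets used to choose a file: if the raw `essay` string reaches `include()`, `readfile()` or a similar call, a value such as `../../../../../etc/passwd` makes the server read (and with `include()`, execute) a file outside the essays directory, regardless of what the page later prints. The safeguard is to validate the parameter as an integer in the expected range and build the file name from that integer alone. The following script is an added example written for this thread, not code from either poster; the `essays` directory, the `essayN.html` naming scheme and the id range 1..42 are assumptions.

```php
<?php
// Added example (not from the list thread): select an essay file by a
// validated integer id rather than by any user-supplied path fragment.
// The directory name, id range and file naming scheme are assumptions.

declare(strict_types=1);

const ESSAY_DIR = __DIR__ . '/essays';   // assumed location of essay files
const ESSAY_MIN = 1;                      // assumed valid id range
const ESSAY_MAX = 42;

/**
 * Return the absolute path of the essay for the given raw request value,
 * or null if the value is not an integer within the allowed range.
 */
function essay_path_for(?string $raw): ?string
{
    // Strict integer validation: "12abc", "12.0", "../x" and null all
    // fail here, so a string like "../../etc/passwd" is rejected outright.
    $id = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => ESSAY_MIN, 'max_range' => ESSAY_MAX],
    ]);
    if ($id === false) {
        return null;
    }

    // The file name is built from the validated integer only, so no part
    // of the request string ever reaches a filesystem call.
    $candidate = ESSAY_DIR . '/essay' . $id . '.html';

    // Defence in depth: confirm the resolved path still sits under ESSAY_DIR
    // even if the naming scheme or directory layout changes later.
    $base = realpath(ESSAY_DIR);
    $real = realpath($candidate);
    if ($base === false || $real === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Usage: never hand $_GET['essay'] to include()/readfile(); map it first.
$path = essay_path_for(isset($_GET['essay']) ? (string) $_GET['essay'] : null);
if ($path === null) {
    http_response_code(404);
    exit('No such essay');
}
readfile($path);
```

`readfile()` is used deliberately instead of `include()`: an essay is data to be sent, not PHP to be executed, so even a mistake elsewhere in the mapping cannot turn a chosen file into running code. A cast with `(int)` would also stop the traversal string, but `FILTER_VALIDATE_INT` with a range additionally rejects values like `0`, `-3` or `12abc` instead of silently coercing them.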