Ask a Question related to PHP Development, Design and Development.
-
PhilM #1
query_string test and strip.
Could someone give me the topics to look up on php.net, to be able to work
out how to remove stuff added to a query_string?
I wish to check $QUERY_STRING, and remove any user added extras.
TIA
PhilM
PhilM Guest
-
CGI.Query_String Login/Logout Problem
Here is my form for logging in; <form name="login_form" method="post" action="#CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#"> I use the CGI.SCRIPT_NAME and... -
Parse cgi.query_string
I have a payment gateway that returns all its results in a humongous cgi.query_string. I would like to parse through it and assign variables and... -
$QUERY_STRING not vaialable
Hi NG! I have the var $QUERY_STRING nit available. PHP 4.3.8 is running on Windows Server 2003 and IIS6, installed as CGI, not as ISAPI. The... -
Test::Unit -- multiple errors in test method ???
Hi ! I have been writing some unit tests with Test::Unit. I've noted that when an assertion fails in a test method, the remaining assertions... -
Method test::unit::TestSuite#<<(test)
Hi, I suggest to change the definition of this method slightly: current: # Adds the test to the suite. def <<(test) @tests << test end -
J.O. Aho #2 Re: query_string test and strip.
PhilM wrote:
use explode() where & is the divider, then remove the index from the array> Could someone give me the topics to look up on php.net, to be able to work
> out how to remove stuff added to a query_string?
>
> I wish to check $QUERY_STRING, and remove any user added extras.
that you don't want to keep and the implode the rest of the array back.
//Aho
J.O. Aho Guest
-
PhilM #3 Re: query_string test and strip.
"J.O. Aho" <user@example.net> wrote in message
news:2tq9ctF22i48gU1@uni-berlin.de...work> PhilM wrote:> > Could someone give me the topics to look up on php.net, to be able toso, if my url including $QUERY_STRING looks like>> > out how to remove stuff added to a query_string?
> >
> > I wish to check $QUERY_STRING, and remove any user added extras.
> use explode() where & is the divider, then remove the index from the array
> that you don't want to keep and the implode the rest of the array back.
>
>
> //Aho
/www.webhost/index.php?gallery&
$test=explode('&',$QUERY_STRING);
$QS=$test[0];
and then use $QS to determine, thru a switch statement, which content to
serve, would that be enough to prevent malicious/accidental fiddling?
Or would I be better comparing $QUERY_STRING for known permissible values,
and then setting and using $QS with the value detected?
(it's late 4:10 am... sorry if this is a daft Q)
PhilM Guest
-
J.O. Aho #4 Re: query_string test and strip.
PhilM wrote:
I guess picking out those statements that are allowed should be easiest, pick> "J.O. Aho" <user@example.net> wrote in message
> news:2tq9ctF22i48gU1@uni-berlin.de...
>>>>PhilM wrote:
>>>>>Could someone give me the topics to look up on php.net, to be able to
> work
>>>>>>>out how to remove stuff added to a query_string?
>>>
>>>I wish to check $QUERY_STRING, and remove any user added extras.
>>use explode() where & is the divider, then remove the index from the array
>>that you don't want to keep and the implode the rest of the array back.
>>
>>
>> //Aho
>
> so, if my url including $QUERY_STRING looks like
>
> /www.webhost/index.php?gallery&
>
> $test=explode('&',$QUERY_STRING);
> $QS=$test[0];
>
> and then use $QS to determine, thru a switch statement, which content to
> serve, would that be enough to prevent malicious/accidental fiddling?
>
> Or would I be better comparing $QUERY_STRING for known permissible values,
> and then setting and using $QS with the value detected?
>
> (it's late 4:10 am... sorry if this is a daft Q)
>
>
them out from your $test and push them into $QS.
//Aho
J.O. Aho Guest
-
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
