Renkia Posted March 19, 2010

Hey guys! Sorry I haven't been on, I have had to pay the bill for the INTERNET. Since there was no internet I had a spare of MTG (MagicTallGuy) Forum. And I was wondering how is this secure? It would help if someone could explain how and why it will secure your $_GET?

    $_GET['reply'] = abs(@intval($_GET['reply']));

Regards, Rasheed Saeed - Renkia

a_bertrand Posted March 19, 2010

...has been answered a thousand times already... Anyhow, this makes sure the value is an int and is positive. How is this secure? Well, it prevents SQL injections in case you use the parameter directly in a SQL query. Besides that, nothing. For example, it will still allow people to access data they should not (for example, by reading a private message if this is used there, you could read a private message of somebody else, unless you check you really have access to that). So this is a very first step.

Now, I honestly don't see the need to use abs as it will not hurt the DB to read negative ids. If there isn't, it will say so ;) Then fails as well the intval which could be transformed into a +0 so you can easily write it like that (much shorter, and faster):

    $_GET["reply"] += 0;

If your PHP setup will warn in case the "reply" parameter is not set you could do so:

    $_GET["reply"] = (isset($_GET["reply"]) ? $_GET["reply"] + 0 : 0);

or if you want it over multiple lines:

    if (isset($_GET["reply"]))
        $_GET["reply"] += 0;
    else
        $_GET["reply"] = 0;

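An added example, not part of the original posts: the two points from the answer above combined, with the integer check keeping the id out of the SQL text and a separate ownership check deciding who may read the row. The `messages` table, its columns, the helpers `reply_id` and `read_message`, and the sample rows and inputs are assumptions constructed for the illustration.

```php
<?php
// Added illustration; schema, function names and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)');
$db->exec("INSERT INTO messages VALUES (1, 10, 'hello from user 10'), (2, 20, 'private to user 20')");

// Step 1: accept only a whole positive number. Anything else (text, floats,
// arrays from ?reply[]=1, a missing parameter) is rejected instead of being
// silently turned into 0 or a float.
function reply_id(array $query): ?int
{
    $id = filter_var($query['reply'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Step 2: the id is bound as a parameter, and the owner check is part of
// the query, so a valid id for someone else's message returns nothing.
function read_message(PDO $db, array $query, int $userId): ?string
{
    $id = reply_id($query);
    if ($id === null) {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT body FROM messages WHERE id = :id AND owner_id = :owner'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':owner', $userId, PDO::PARAM_INT);
    $stmt->execute();
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

// Constructed inputs, all evaluated as logged-in user 10.
$samples = ['1', '2', '1 OR 1=1', '-1', '1.5', ['1'], null];
foreach ($samples as $raw) {
    $query = $raw === null ? [] : ['reply' => $raw];
    printf("%-12s => %s\n", json_encode($raw),
           var_export(read_message($db, $query, 10), true));
}
```

Only the first input returns a message body; `'2'` is a perfectly valid integer but belongs to another user, which is the case the integer cast alone does not cover.
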
Renkia (Author) Posted March 19, 2010

Cheers a_bertrand. Sorry for making you type it up, but I haven't seen this before. Plus it makes perfect sense? :P