Isomerizer (Posted September 5, 2008) Re: An introduction to security

error_reporting(E_ALL); will display errors, but the majority of the time you will not be able to get rid of those errors. Maybe not at first, but with practice, it is achievable.
Floydian (Posted September 5, 2008) Re: An introduction to security

When I code for myself, I always have E_ALL set. The biggest thing that comes up is undefined variables (for me at least). If you have POST, GET, or REQUEST vars on the page, you should check if they were submitted by using the isset() function.

    if (!isset($_POST['......'])) {
        // either put an error message and die, or set a default
    } else {
        $...... = $_POST['........'];
    }

The point of that bit of code is that any POST var is checked if it "isset" and if it is, store it in a local variable. Then you should only be using local variables after the POST, GET, or REQUEST arrays have been checked. It actually makes code easier to read as well.

    mysql_query("update {$_POST['......']} set blah = '{$_POST['......']}' where foo = '{$_POST['......']}'");

or

    mysql_query("update $...... set blah = '$........' where foo = '$.........'");

Maybe it's just me though... :P (no this example isn't meant to convey secure db querying...., it's just an example of readability)
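The pattern Floydian describes, carried through as an added example that is not code from the thread: every request parameter passes through one isset() check into a local variable (with a default or a hard failure), and the query that follows binds those locals instead of interpolating them. The postParam() helper, the users table, the column names and the PDO connection details are all assumptions for the example.

```php
<?php
// Added example: checked locals first, then a prepared statement.
declare(strict_types=1);

/**
 * Return $_POST[$key] if it was submitted, otherwise $default.
 * A null default means the parameter is required; missing -> HTTP 400.
 */
function postParam(string $key, ?string $default = null): string
{
    if (!isset($_POST[$key])) {
        if ($default === null) {
            http_response_code(400);
            exit('Missing required parameter: ' . htmlspecialchars($key));
        }
        return $default;
    }
    // Reject arrays (key[]=x) so the caller always gets a string back.
    if (!is_string($_POST[$key])) {
        http_response_code(400);
        exit('Invalid parameter: ' . htmlspecialchars($key));
    }
    return $_POST[$key];
}

// From here on the page only touches locals, never $_POST directly.
$userId = postParam('userid');            // required
$status = postParam('status', 'active');  // optional, with a default

// Constrain the value where its type is known: an id is a positive integer.
if (!ctype_digit($userId)) {
    http_response_code(400);
    exit('userid must be numeric');
}

// Table and column names are fixed in code; only values are bound.
// Hypothetical DSN and credentials; replace with the application's own.
$pdo = new PDO('mysql:host=localhost;dbname=app', 'app', 'PLACEHOLDER', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$stmt = $pdo->prepare('UPDATE users SET status = :status WHERE userid = :id');
$stmt->execute([':status' => $status, ':id' => (int) $userId]);
echo 'Updated ' . $stmt->rowCount() . ' row(s)';
```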
Guest Anonymous (Posted September 6, 2008) Re: An introduction to security

Nope - not just you. I've been using totally sanitized variables in a clean namespace for years now, and yes, not only is it far easier to maintain, it also becomes much easier to read. Even better - I find that a custom error handler can help here by allowing me to display a clean list of errors at the top of any page but only to me, enabling me to see any errors/warnings that I may have missed, and protecting them from the users' eyes.
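One way to build the handler the post describes, as an added example rather than the poster's own code: PHP's built-in error output is switched off, every notice and warning is collected and written to the server log, and the list is prepended to the page output only when the session is flagged as a developer. The $_SESSION['is_developer'] flag and the constructed undefined-key access at the end are assumptions for the demonstration.

```php
<?php
// Added example: collect E_ALL diagnostics, show them only to the developer.
declare(strict_types=1);

error_reporting(E_ALL);
ini_set('display_errors', '0');   // never let PHP print errors to visitors
ob_start();                        // buffer the page so the list can go on top

$collectedErrors = [];

set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline) use (&$collectedErrors): bool {
    // Honour the current error_reporting mask (and the @ operator).
    if (!(error_reporting() & $errno)) {
        return false;
    }
    $entry = sprintf('[%d] %s in %s on line %d', $errno, $errstr, $errfile, $errline);
    $collectedErrors[] = $entry;
    error_log($entry);   // always recorded server-side, whoever the visitor is
    return true;         // suppress PHP's default output for this error
});

// Hypothetical check: only a session explicitly flagged as developer sees the list.
function isDeveloperSession(): bool
{
    return isset($_SESSION['is_developer']) && $_SESSION['is_developer'] === true;
}

register_shutdown_function(function () use (&$collectedErrors): void {
    $page = ob_get_clean();
    if ($collectedErrors !== [] && isDeveloperSession()) {
        echo '<ul class="dev-errors">';
        foreach ($collectedErrors as $e) {
            // Messages and paths can carry user-supplied text: escape them.
            echo '<li>' . htmlspecialchars($e, ENT_QUOTES, 'UTF-8') . '</li>';
        }
        echo '</ul>';
    }
    echo $page;   // ordinary visitors get the page and nothing else
});

session_start();

// Constructed demonstration: an undefined key raises a warning that the
// handler records; the ?? form is the silent way to express a default.
$demo = [];
$withDefault = $demo['missing'] ?? 'default';   // no warning
$withoutCheck = $demo['missing2'];              // warning -> collected
echo '<p>Page body</p>';
```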
Joe (Posted December 7, 2008) Re: An introduction to security

I made an account to reply to this post. Extremely well written. I'm actually looking at your site now to hire you for some development work. Possibly even some tutoring. Well done indeed. Extremely resourceful. Bookmarked.
Josh23 (Posted February 25, 2009) Re: An introduction to security

Is there a way to get rid of 'Undefined index' errors? I tried to resolve these but I'm still learning, sorry.
Haunted Dawg (Posted February 25, 2009) Re: An introduction to security

Undefined indexes are fixed with http://www.php.net/isset and the others I don't know.
Josh23 (Posted February 25, 2009) Re: An introduction to security

Thanks Haunted, that did it, but one doesn't work by using 'isset()'. It's this one:

    if ($dosessh && ($_SESSION['attacking'] || $ir['attacking']))

^^ I changed to this:

    if isset($dosessh && ($_SESSION['attacking'] || $ir['attacking']))

I also changed it to many others, can't find a solution.
Haunted Dawg (Posted February 25, 2009) Re: An introduction to security

    if (isset($dosessh) && (isset($_SESSION['attacking']) || isset($ir['attacking'])))

should work.
Josh23 (Posted February 25, 2009) Re: An introduction to security

Sorry, I think I forgot to post enough. Now, using your code, it makes you lose all your exp and displays 'You lost all your exp for running from the fight'. I am using this code:

    if (isset($dosessh) && (isset($_SESSION['attacking']) || isset($ir['attacking']))) {
        print "You lost all your exp for running from the fight.";
        $db->query("UPDATE users SET exp=0, attacking=0 WHERE userid=$userid");
        $_SESSION['attacking'] = 0;
    }

Thanks for your help Haunted, +1
Haunted Dawg (Posted February 25, 2009) Re: An introduction to security

Try this.

    if (isset($dosessh) && isset($_SESSION['attacking'])) {
        if (isset($ir['attacking'])) {
            echo 'Stop Running from fights!';
        }
    }
Josh23 (Posted February 25, 2009) Re: An introduction to security

Used this and it worked fine, thanks. Removed the isset() from (isset($ir['attacking'])):

    if (isset($dosessh) && isset($_SESSION['attacking'])) {
        if ($ir['attacking']) {
            echo 'Stop Running from fights!';
        }
    }
Karlos (Posted February 26, 2009) Re: An introduction to security

Or simply go into loggedin.php and set attacking to:

    $_SESSION['attacking'] = '0';