Thread: is this file secure?
-
Sep 24, 2006, 09:55 #1
is this file secure?
I have this strategy: a search box takes input and passes the data to this page with GET.
PHP Code:
<?php
function cleanall()
{
    foreach ($_GET as $key => $val) {
        $_GET[$key] = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));
        // note: $$key here only creates a local variable inside cleanall(); it is not visible to the caller
        $$key = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));
    }
}

echo "<div class=\"box_title_blue\">Following bbb has been found for this query</div>";

$cb = (isset($_GET['cb'])) ? $_GET['cb'] : 0; // type: it is strictly numeric, from the database
$cb = (int) $cb;
// Default to 0 (all) if not set
$exp = (isset($_GET['exp'])) ? trim($_GET['exp']) : 0; // experience: it is also strictly numeric
$exp = (int) $exp;
// Default to 0 if not set
// jobt can be either 'a' for all or some number, so I am trying to make this better, but how can I do that?
if (!ctype_alnum($_GET['jobt'])) {
    echo "only A-Z a-z 0-9 are Allowed";
    exit();
} else {
    // Default to 0 if not set (note: if jobt is absent, ctype_alnum(null) is false and the script has already exited above)
    $jobt = (isset($_GET['jobt'])) ? $_GET['jobt'] : 0;
}
// Default to 0 if not set
// edu: 'a' or some number
if (!ctype_alnum($_GET['edu'])) {
    echo "only A-Z a-z 0-9 are Allowed";
    exit();
} else {
    // Default to 0 if not set
    $edu = (isset($_GET['edu'])) ? $_GET['edu'] : 0; // qualification
}
$city = (isset($_GET['city'])) ? $_GET['city'] : 0;       // city: will be alphanumeric
$sal1 = (isset($_GET['sal1'])) ? $_GET['sal1'] : 0;       // strictly a number
$sal1 = (int) $sal1;
$sal2 = (isset($_GET['sal2'])) ? $_GET['sal2'] : 9999999; // numeric
$sal2 = (int) $sal2;
cleanall(); // note: runs after the values above were already copied out of $_GET
$trimmed = trim($var); // trim whitespace from the stored variable (note: $var is never assigned above)
require_once('../../dbconnect.php');
$query = "SELECT * FROM table where category=$cb and salary>$sal1 and salary<$sal2 and
          experi>=$exp";
I am still updating it... but are there any security loopholes?
Can it be made better?
By the way, it takes care of the data type and ' " and all, but I am concerned about somebody passing a command through GET, like
SHUTDOWN and so on.
How can I integrate protection from that in this code?
I notice that when I use GET, all the values are seen in the address bar, which tempts the user to change the data and see the result, so is it
good to use POST here?
What can be the disadvantages of doing so?
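Added example, not code from the thread: the same search handler rewritten the way I would build it today. Each GET parameter is checked against an explicit whitelist (plain digits; or the literal 'a' for all; or letters, digits and spaces for city), and the values reach the database only as bound parameters of a prepared statement, never by interpolation into the SQL string. It also answers the "'a' or a number" question in the first post's comment. Assumptions: PHP 7.1 or later with PDO and the pdo_sqlite extension; an assumed table `jobs` with columns category, salary, experi, jobt, edu and city; a few constructed rows so the script runs without a MySQL server (swap the DSN for MySQL in real use); and an absent jobt/edu meaning "all" rather than 0.

```php
<?php
// Added example (not the poster's code). Table, column names and sample rows are assumed/constructed.

/** Return the parameter as an int if it is a plain decimal number, otherwise $default. */
function intParam(array $src, $key, $default)
{
    if (!isset($src[$key]) || !ctype_digit((string) $src[$key])) {
        return $default;
    }
    return (int) $src[$key];
}

/** jobt/edu accept either the literal 'a' (all) or a number: null means "no filter". */
function allOrIntParam(array $src, $key)
{
    $v = isset($src[$key]) ? $src[$key] : 'a';   // assumed: missing means "all"
    if ($v === 'a') {
        return null;
    }
    if (!ctype_digit((string) $v)) {
        throw new InvalidArgumentException("$key must be 'a' or a number");
    }
    return (int) $v;
}

/** city: letters, digits and spaces only, bounded length; null means "no filter". */
function cityParam(array $src)
{
    $v = trim(isset($src['city']) ? (string) $src['city'] : '');
    if ($v === '') {
        return null;
    }
    if (strlen($v) > 64 || !preg_match('/^[A-Za-z0-9 ]+$/', $v)) {
        throw new InvalidArgumentException('city may only contain letters, digits and spaces');
    }
    return $v;
}

/** Build and run the query; user input travels only through bound parameters. */
function searchJobs(PDO $db, array $get)
{
    $cb   = intParam($get, 'cb', 0);
    $exp  = intParam($get, 'exp', 0);
    $sal1 = intParam($get, 'sal1', 0);
    $sal2 = intParam($get, 'sal2', 9999999);
    $jobt = allOrIntParam($get, 'jobt');
    $edu  = allOrIntParam($get, 'edu');
    $city = cityParam($get);

    $sql = 'SELECT id, title FROM jobs WHERE category = :cb AND salary > :sal1 '
         . 'AND salary < :sal2 AND experi >= :exp';
    $params = array(':cb' => $cb, ':sal1' => $sal1, ':sal2' => $sal2, ':exp' => $exp);

    // Optional filters are fixed SQL fragments chosen by the code; only the values are bound.
    if ($jobt !== null) { $sql .= ' AND jobt = :jobt'; $params[':jobt'] = $jobt; }
    if ($edu  !== null) { $sql .= ' AND edu = :edu';   $params[':edu']  = $edu; }
    if ($city !== null) { $sql .= ' AND city = :city'; $params[':city'] = $city; }

    $stmt = $db->prepare($sql);
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value, is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- stand-alone demo on an in-memory SQLite database with constructed rows ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jobs (id INTEGER PRIMARY KEY, title TEXT, category INTEGER,
           salary INTEGER, experi INTEGER, jobt INTEGER, edu INTEGER, city TEXT)');
$db->exec("INSERT INTO jobs VALUES (1,'Sysadmin',2,50000,3,1,2,'Lahore'),
           (2,'Developer',2,80000,5,2,3,'Karachi'), (3,'Intern',1,10000,0,1,1,'Lahore')");

// A normal request
print_r(searchJobs($db, array('cb' => '2', 'sal1' => '0', 'jobt' => 'a', 'edu' => 'a', 'city' => 'Lahore')));

// Tampered request: cb is not a plain number, so it falls back to the default instead of reaching the SQL
print_r(searchJobs($db, array('cb' => '2 OR 1=1', 'city' => 'Lahore')));

// Tampered request: the free-text field fails the whitelist and is rejected before any query runs
try {
    searchJobs($db, array('cb' => '2', 'city' => "x' OR '1'='1"));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Once a value is bound, a keyword such as SHUTDOWN arriving in a parameter is just data the database compares against a column; it is never parsed as SQL, so the whitelist's only remaining job is to reject values that would be wrong for the column. Switching the form to POST hides the values from the address bar but does not stop anyone from changing them, so the validation has to stay on the server either way.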
-
Sep 24, 2006, 21:44 #2
Why no comments? I am amazed.
At least there could be something...
maybe good or bad.
It went to the 2nd page of the forum listing in no time...
Anyway, any comments?
-
Sep 24, 2006, 21:50 #3
It takes days or weeks to get a reply, man. Take your time.
-
Sep 24, 2006, 23:37 #4
Here are the steps I would take:
1. strip_tags();
2. Use the following code from the PHP manual to decide what to do with slashes, and add the mysql_real_escape_string() function:
PHP Code:
function quote_smart($value)
{
    // Stripslashes
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Quote if not a number or a numeric string
    if (!is_numeric($value)) {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}
As far as I know, this should be a pretty good defense against SQL injection. Let me know if I missed anything.
Chris S.
Free Web Scripts - Form generators, AJAX tools and more!
Micro CMS - A totally free AJAX-based, SEO-ed CMS!
-
Sep 25, 2006, 00:35 #5
Originally Posted by william232
Once the pages are pushed behind page 1 or 2, people hardly bother to search and reply to things...
After all, most people answer and discuss the page 1 topics.
Anyway, never mind.
About the 2nd reply:
well, I have that code as well,
but I want to know what is wrong with the initial code.
It is also filtering each POST and GET.
Is the second method superior to the first one?
I am trying to find out.
Thanks for the answer...
Is the initial code vulnerable to cracks?
-
Sep 25, 2006, 10:27 #6
Your initial code is probably secure, simply because it forces the integer type before doing the query. Here's a couple things you could improve on it, though:
1. Since all the inputs are integers, create a function and call the function each time you want to validate. You'll cut your code size down by 60%.
2. Before you strip_tags, you might want to check if magic_quotes are on. I'm not sure if it makes too much of a difference, but if you use stripslashes arbitrarily, it might end up stripping a valid backslash. I'm not certain about this, though.
For validating strings, I'd keep in mind my previous post.
Good luck!
Chris
Chris S.
-
Sep 28, 2006, 00:42 #7
Is the only way of checking whether magic_quotes are on/off through a phpinfo() file?
By the way, how can I be safe from someone who tries to execute commands like
/etc/passwd etc. through URL injection?
-
Sep 28, 2006, 09:27 #8
Here's an example of checking if magic_quotes are on:
PHP Code:
if (get_magic_quotes_gpc()) {
    $value = stripslashes($value);
}
Chris S.
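Added example, not from the thread: a version-guarded way to answer the phpinfo() question from post #7 in code rather than by reading a status page. magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() itself was removed in PHP 8.0, so a bare call to it fails on current PHP; the helper below reports "off" on anything from 5.4 on and only consults the function where it still exists (ini_get('magic_quotes_gpc') reads the same setting from php.ini on the old versions). The second part shows the backslash problem raised in post #6: stripslashes() applied unconditionally, as the cleanall() function in post #1 does, also removes backslashes the user actually typed. The input strings are constructed; nothing beyond standard PHP is assumed.

```php
<?php
// Added example (not the thread's code). Type declarations are left out so the
// old-PHP branch is at least parseable on the versions it talks about.

/** True only on a PHP old enough to still have magic quotes, with them switched on. */
function magicQuotesOn()
{
    if (PHP_VERSION_ID >= 50400) {
        return false;                        // magic_quotes_gpc was removed in PHP 5.4
    }
    // PHP < 5.4: the function exists there; ini_get('magic_quotes_gpc') would do as well
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}

/** Undo the automatic escaping exactly once, and only if PHP actually applied it. */
function rawInput($value)
{
    return magicQuotesOn() ? stripslashes($value) : $value;
}

// Constructed inputs: what $_GET['name'] holds for the URL ...?name=O'Hara
$onModernPhp   = "O'Hara";                   // PHP >= 5.4 stores the raw value
$onMagicQuotes = "O\\'Hara";                 // PHP < 5.4 with magic_quotes_gpc=On adds a backslash

echo rawInput($onModernPhp), "\n";           // left alone: there was nothing to strip
echo stripslashes($onMagicQuotes), "\n";     // what rawInput() would do on the old PHP

// The caveat from post #6: an unconditional stripslashes() also eats a backslash the
// user really typed, so a Windows path or a regex submitted through the form is damaged.
$typedPath = 'C:\\temp\\report.txt';
echo $typedPath, "\n";
echo stripslashes($typedPath), "\n";
```

The practical consequence for the first post's cleanall(): on any PHP still in use, magic quotes are never on, so its stripslashes() call only ever damages legitimate input and can simply be dropped; the quoting problem it was meant to paper over is handled properly by a prepared statement.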