  1. #1
    frank1 (SitePoint Wizard) - Join Date Oct 2005, Posts 1,392

    Is this file secure?

    I have this strategy: a search box takes input and passes the data to this page with GET.


    PHP Code:
    <?php

    function cleanall()
    {
        foreach ($_GET as $key => $val) {
            $_GET[$key] = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));
            $$key = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));
        }
    }

    echo "<div class=\"box_title_blue\">Following bbb has been found for this query</div>";
    $cb = (isset($_GET['cb'])) ? $_GET['cb'] : 0; // type; it is strictly numeric, from the database
    $cb = (int) $cb;

    // Default to 0 (all) if not set
    $exp = (isset($_GET['exp'])) ? trim($_GET['exp']) : 0; // experience; it is also strictly numeric
    $exp = (int) $exp;
    // Default to 0 if not set
    if (!ctype_alnum($_GET['jobt'])) { // it can be either 'a' for all or some number, so I am trying to make this better, but how can I do that?
        echo "only A-Z a-z 0-9 are Allowed";
        exit();
    } else {
        // Default to 0 if not set
        $jobt = (isset($_GET['jobt'])) ? $_GET['jobt'] : 0;
    }
    // Default to 0 if not set
    if (!ctype_alnum($_GET['edu'])) { // 'a' or some number
        echo "only A-Z a-z 0-9 are Allowed";
        exit();
    } else {
        // Default to 0 if not set
        $edu = (isset($_GET['edu'])) ? $_GET['edu'] : 0; // qualification
    }

    $city = (isset($_GET['city'])) ? $_GET['city'] : 0; // city; will be alphanumeric
    $sal1 = (isset($_GET['sal1'])) ? $_GET['sal1'] : 0; // strictly a number
    $sal1 = (int) $sal1;

    $sal2 = (isset($_GET['sal2'])) ? $_GET['sal2'] : 9999999; // numeric
    $sal2 = (int) $sal2;

    cleanall();

    $trimmed = trim($var); // trim whitespace from the stored variable
    require_once('../../dbconnect.php');

    $query = "SELECT * FROM table WHERE category=$cb AND salary>$sal1 AND salary<$sal2 AND experi>=$exp";
    How secure is this code, and from where can a cracker crack this... especially SQL injection, but others as well?
    I am still updating it... but are there any security loopholes?
    Can it be made better?
    By the way, it takes care of datatypes and ' " and all, but I am concerned about somebody passing a command through GET like

    SHUTDOWN and all.
    How can I integrate protection from that part in this code?

    I notice that when I use GET and all values are seen in the address bar, it really provokes the user to change the data and see the result, so is it

    good to use POST here?
    What can be the disadvantages of doing so?

  2. #2
    frank1 (SitePoint Wizard) - Join Date Oct 2005, Posts 1,392
    Why no comments? I am amazed.
    At least there could be something...
    maybe good or bad.
    It went to the 2nd page of the forum listing in no time...
    Anyway, any comments?

  3. #3
    SitePoint Wizard - Join Date Jul 2006, Location New Zealand, Posts 1,300
    It takes days or weeks to get a reply, man. Take your time.

  4. #4
    ashattuc (SitePoint Evangelist) - Join Date Aug 2002, Location Boise, Idaho, Posts 411
    Here are the steps I would like:

    1. strip_tags();
    2. Use the following code from the php manual to decide what to do with slashes and add the mysql_real_escape_string() function:

    PHP Code:
    function quote_smart($value)
    {
        // Stripslashes
        if (get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        // Quote if not a number or a numeric string
        if (!is_numeric($value)) {
            $value = "'" . mysql_real_escape_string($value) . "'";
        }
        return $value;
    }
    3. Add quotes around the value when you insert it into the database.

    As far as I know, this should be a pretty good defense against SQL injection. Let me know if I missed anything.
    Chris S.

    Free Web Scripts - Form generators, AJAX tools and more!
    Micro CMS - A totally free AJAX-based, SEO-ed CMS!

  5. #5
    frank1 (SitePoint Wizard) - Join Date Oct 2005, Posts 1,392
    Quote Originally Posted by william232
    It takes days or weeks to get a reply, man. Take your time.
    I have been here for 1.5 years now and I don't quite agree with it.
    Once the pages are pushed behind page 1 or 2, people hardly bother to search and reply to things...
    After all, most people answer and discuss page 1 topics.
    Anyway, never mind.

    About the 2nd reply:
    well, I have that code as well,
    but I want to know what is wrong with that initial code.
    It is also filtering each POST and GET...
    Is the second method superior to the first one?
    I am trying to know.
    Thanks for the answer...
    Is the initial code vulnerable to cracks?

  6. #6
    ashattuc (SitePoint Evangelist) - Join Date Aug 2002, Location Boise, Idaho, Posts 411
    Your initial code is probably secure, simply because it forces the integer type before doing the query. Here are a couple of things you could improve on it, though:

    1. Since all the inputs are integers, create a function and call the function each time you want to validate. You'll cut your code size down by 60%.

    2. Before you strip_tags, you might want to check if magic_quotes are on. I'm not sure if it makes too much of a difference, but if you use stripslashes arbitrarily, it might end up stripping a valid backslash. I'm not certain about this, though.

    For validating strings, I'd keep in mind my previous post.

    Good luck!
    Chris
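The advice in posts #4 and #6 combined into one place, as an added example that is not code from the thread: a single integer validator that replaces the repeated isset/(int) blocks, the 'a'-or-number rule the original post wanted for jobt/edu, and strip_tags on free text. Because mysql_real_escape_string() no longer exists in current PHP, the string field is handed back as a bound parameter instead of being escaped and quoted inline; the table name jobs and the constructed $_GET values are assumptions.

```php
<?php
// Constructed stand-in for a real request: the parameters the thread's
// search page reads, including the kind of "SHUTDOWN" value post #1 worries about.
$_GET = [
    'cb'   => '1; SHUTDOWN',
    'exp'  => ' 3 ',
    'jobt' => 'a',
    'edu'  => '12',
    'city' => "O'Neil",
    'sal1' => '1000',
];

// One validator for every strictly numeric field (post #6, point 1):
// missing value -> default, anything else -> (int), so "1; SHUTDOWN" becomes 1.
function get_int(array $src, $name, $default)
{
    return isset($src[$name]) ? (int) trim($src[$name]) : (int) $default;
}

// The jobt/edu rule from post #1: exactly 'a' (all) or digits only; null means reject.
function get_code(array $src, $name, $default = 'a')
{
    if (!isset($src[$name]) || $src[$name] === '') {
        return $default;
    }
    $v = $src[$name];
    return ($v === 'a' || ctype_digit($v)) ? $v : null;
}

// Free text gets strip_tags (post #4, step 1) and is never concatenated into
// the SQL; it is returned separately so the caller binds it as a parameter.
function get_text(array $src, $name, $max = 64)
{
    $v = isset($src[$name]) ? strip_tags(trim($src[$name])) : '';
    return substr($v, 0, $max);
}

// Returns [sql, params], or null when a coded field fails validation.
function build_query(array $src)
{
    $jobt = get_code($src, 'jobt');
    $edu  = get_code($src, 'edu');
    if ($jobt === null || $edu === null) {
        return null; // caller prints "only A-Z a-z 0-9 are Allowed" and stops
    }
    $cb   = get_int($src, 'cb', 0);
    $exp  = get_int($src, 'exp', 0);
    $sal1 = get_int($src, 'sal1', 0);
    $sal2 = get_int($src, 'sal2', 9999999);
    // Cast integers are safe to interpolate; the string becomes a placeholder.
    $sql = "SELECT * FROM jobs WHERE category=$cb AND salary>$sal1 AND salary<$sal2"
         . " AND experi>=$exp AND city=?";
    return [$sql, [get_text($src, 'city')]];
}

list($sql, $params) = build_query($_GET);
echo $sql, "\n";
print_r($params);
```

Running it shows category=1 in the SQL (the cast dropped everything after the leading digit) and the city value left in $params for the database driver to bind.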

  7. #7
    frank1 (SitePoint Wizard) - Join Date Oct 2005, Posts 1,392
    Is the only way of checking whether magic_quotes are on/off through the phpinfo() file?

    By the way, how can I be safe from someone who tries to execute commands like
    etc/password etc. through URL injection?

  8. #8
    ashattuc (SitePoint Evangelist) - Join Date Aug 2002, Location Boise, Idaho, Posts 411
    Here's an example of checking if magic_quotes are on:

    PHP Code:
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    As far as URL injection goes, you'd apply the same principles for $_GET and $_POST variables. If you're going to be performing a query based on those variables, then you should perform cleanup on them. If someone can put it in the URL, they can also spoof a $_POST variable, so you should treat them the same.