Re: php and Ajax problem

Richard Kurth wrote:
        if(response.indexOf('|' != -1)) {

Spot the misplaced bracket.

if($_GET['takeaction']=="delete"){
$uid=$_GET['uid'];
echo $uid;

This is wide open to XSS attacks; you need to be just as careful with scripts intended to be accessed via JavaScript as you do with user-facing scripts. If uid is, as it sounds, an integer, then intval($_GET['uid']) will do nicely; otherwise at least use htmlentities() to prevent XSS.

Arpad

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
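
The two fixes suggested in the reply above, shown beside the original echo, as an added example that is not part of the original post. The function names and sample inputs are constructed for illustration, and the filter_var() variant is an addition that the thread does not mention.

```php
<?php
// Constructed inputs standing in for $_GET; two carry markup in uid.
$requests = [
    ['takeaction' => 'delete', 'uid' => '42'],
    ['takeaction' => 'delete', 'uid' => '42<script>alert(1)</script>'],
    ['takeaction' => 'delete', 'uid' => '"><b>x</b>'],
];

// Behaviour of the quoted snippet: uid goes into the response unchanged.
function reflect_raw(array $get): string
{
    return (string) $get['uid'];
}

// Reply's first suggestion: uid is an integer, so coerce it with intval().
// intval() keeps a leading numeric prefix ("42<script>..." gives 42) and
// returns 0 for input with no leading digits.
function reflect_intval(array $get): string
{
    return (string) intval($get['uid'] ?? 0);
}

// Reply's second suggestion: encode for HTML output. ENT_QUOTES also encodes
// single quotes, which matters if the value lands inside an attribute.
function reflect_encoded(array $get): string
{
    return htmlentities((string) ($get['uid'] ?? ''), ENT_QUOTES, 'UTF-8');
}

// Stricter variant (an assumption, not from the thread): reject anything
// that is not a clean integer instead of coercing it.
function reflect_validated(array $get): string
{
    $uid = filter_var($get['uid'] ?? '', FILTER_VALIDATE_INT);
    return $uid === false ? 'invalid uid' : (string) $uid;
}

foreach ($requests as $get) {
    if (($get['takeaction'] ?? '') !== 'delete') {
        continue;
    }
    printf("raw:       %s\n", reflect_raw($get));
    printf("intval:    %s\n", reflect_intval($get));
    printf("encoded:   %s\n", reflect_encoded($get));
    printf("validated: %s\n\n", reflect_validated($get));
}
```

Because intval() silently turns a malformed uid into a different number, validating and rejecting is the safer choice when the value selects which record a delete action applies to.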

