Re: php and Ajax problem

Richard Kurth wrote:
>         if(response.indexOf('|' != -1)) {

Spot the misplaced bracket.

> if($_GET['takeaction']=="delete"){
> $uid=$_GET['uid'];
> echo $uid;

This is wide open to XSS attacks; you need to be just as careful with
scripts intended to be accessed via JavaScript as you do with user
facing scripts. If uid is as it sounds, an integer, then
intval($_GET['uid']) will do nicely; otherwise at least use
htmlentities() to prevent XSS.

Arpad

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
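
The two fixes suggested in the reply above, next to a stricter validating variant, as an added example that is not part of the original thread. The function names and sample requests are constructed for illustration, and the strict variant assumes uids are positive integers.

```php
<?php
// Added example, not code from the thread. All render_uid_* names are hypothetical.

// First option from the reply: intval() coerces any input to an integer,
// so no markup can reach the response.
function render_uid_intval(array $get): string
{
    return (string) intval($get['uid'] ?? 0);
}

// Stricter variant (assumption: uids are positive integers): reject bad input
// instead of coercing it, so "12abc" is refused rather than treated as 12
// before the delete action runs.
function render_uid_strict(array $get): ?string
{
    $uid = filter_var($get['uid'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $uid === false ? null : (string) $uid;
}

// Second option from the reply, for uids that are not integers:
// encode the value for HTML output before echoing it.
function render_uid_escaped(array $get): string
{
    $uid = $get['uid'] ?? '';
    return htmlentities(is_string($uid) ? $uid : '', ENT_QUOTES, 'UTF-8');
}

// Constructed sample requests (stand-ins for $_GET).
$samples = [
    ['takeaction' => 'delete', 'uid' => '42'],
    ['takeaction' => 'delete', 'uid' => '12abc'],
    ['takeaction' => 'delete', 'uid' => '<i>"x"</i>'],
];

foreach ($samples as $get) {
    printf("%-14s intval=%-3s strict=%-5s escaped=%s\n",
        var_export($get['uid'], true),
        render_uid_intval($get),
        render_uid_strict($get) ?? 'null',
        render_uid_escaped($get));
}
```

Sending the Ajax response with `header('Content-Type: text/plain; charset=UTF-8')` additionally keeps a browser from rendering it as HTML when the URL is opened directly.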

