Re: [PHP] Re: [PHP-WIN] Re: [PHP] Re: Question on virus/worms

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Turn off register_globals - if you pollute your scripts with global
variables like that you are asking for trouble. If you can't make sure you
clean the variable.

Using include("$page.php") is asking for trouble.

If you can get register_globals switched off (it's off by default in PHP5
for this very reason) then use the kind of security procedure so well
explained on brainbulb.com (also well worth watching the audit cast):

Maybe something like:

$page = isset($_GET['page']) ? trim(strip_tags($_GET['page'])) : 'page';

// clean data here, ie check suffix, reun tests, and only then...

include "$page.php";

[Index of Archives]     [PHP Home]     [PHP Users]     [PHP Database Programming]     [PHP Install]     [Kernel Newbies]     [Yosemite Forum]     [PHP Books]

  Powered by Linux