Date: 08/31/01
- In reply to: Alfredeen, Johan: "[PHP] PHP Security"
Great question - I'd love to know too.

I can give you one hint. Make sure that you validate any variables passed
in the URL. I had a script that should take an integer, and realised if
someone put in a fraction or text then the script output errors to the HTML
page showing file and directory names that I wanted hidden.

To solve this I used:

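// Return $var as an integer if it is a non-zero whole number, otherwise $default.
function SecureInt($var,$default)
{
    // is_numeric() rejects arrays and text such as "abc" or "5abc" before any
    // arithmetic; multiplying a non-numeric string raises a TypeError on PHP 8.
    if (is_numeric($var) && ($var!=0) && ($var*1!=0) && is_int($var*1))
    {
        // Multiplying by 1 converts a numeric string such as "5" to the integer 5.
        $var=$var*1;
        //echo "is int";
    }
    else
    {
        // Zero, fractions and text all fall back to the default.
        $var=$default;
        //echo "is not int";
    }
    return($var);
}

$intvar = SecureInt($intvar,1);
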
- seb
-----Original Message-----
From: Alfredeen, Johan [mailto:johanalfredeen <email protected>]
Sent: 31 August 2001 15:54
To: php-general <email protected>
Subject: [PHP] PHP Security
I am looking for a good, practical tutorial on what I should be doing as a
developer to create a secure web site (PHP related). I have looked in my PHP
text and searched the web, but haven't found anything real useful. I am not
interested in Apache or OS security, as this is -hopefully- taken care of by
my webhost. So if you know of a good guide, online or off, please
contribute.
Thanks,
Johan
PongWorld.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe <email protected> For additional commands, e-mail: php-general-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
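
The check described in the reply above, as an added example that is not code from the thread: it validates an integer URL parameter with PHP's filter extension and keeps error text out of the HTML response. The helper name `int_param`, the range limits and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Keep PHP errors out of the HTML response and send them to the server log,
// so a bad parameter cannot expose file and directory names.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Return $source[$name] as an int within [$min, $max], or $default.
 * Hypothetical helper written for this example.
 */
function int_param(array $source, string $name, int $default, int $min = 1, int $max = PHP_INT_MAX): int
{
    // Missing parameter, or an array such as ?id[]=1: fall back to the default.
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return $default;
    }
    // FILTER_VALIDATE_INT accepts only a whole decimal integer string;
    // fractions, trailing text, exponent notation and "" all return false.
    $value = filter_var($source[$name], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? $default : $value;
}

// Constructed sample query arrays standing in for $_GET.
$samples = [
    ['id' => '42'],
    ['id' => '1.5'],
    ['id' => '5abc'],
    ['id' => 'abc'],
    ['id' => '-3'],
    ['id' => ['1']],
    [],
];
foreach ($samples as $query) {
    printf("%-22s => %d\n", json_encode($query), int_param($query, 'id', 1));
}
```

In a real page the call would be `int_param($_GET, 'id', 1)`; the `$min` argument can be lowered when zero or negative values are legitimate for that parameter.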

