• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Redirect not working with string as parameter

#5
[eluser]rogierb[/eluser]
I see what your trying to do but obfuscating is never good practice. I could easily write a script that tests every possible uri and delete things from your db. It might take weeks but still...

You can still use
Code:
awesome/delete_something/2

But I would go with post data and test that post data instead of relying on and URL.

For instance I use both:
Code:
awesome/delete_something/2

and

if(isset($_POST['some_id']) && $_POST['some_id'] == $my_segment)
{
    //other checks like csrf, xss etc
}


Messages In This Thread
Redirect not working with string as parameter - by El Forum - 07-18-2011, 02:18 AM
Redirect not working with string as parameter - by El Forum - 07-18-2011, 03:45 AM
Redirect not working with string as parameter - by El Forum - 07-18-2011, 03:48 AM
Redirect not working with string as parameter - by El Forum - 07-18-2011, 05:31 AM
Redirect not working with string as parameter - by El Forum - 07-18-2011, 05:42 AM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.