Can a URI var ever be malicious?

#1
theshiftexchange
Hi guys,

Given the following code:

Code:
// Create a new user
function register($plan = false)
{
  // Check the plan they have picked is valid, or default to the first plan
  $this->load->model('pricing_plan');
  if (( ! $plan) || ($this->pricing_plan->count_by('name', $plan) === 0))
  {
    $plan = $this->pricing_plan->get_all();
    $plan = $plan['0']->name;
  }
  // ... (rest of the method is not shown in the post)
}

Because I pass "$plan" to the model without validation, can anything malicious ever be passed? I.e. SQL injection? Or JavaScript?

I use Active Record on the model.
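
The lookup-or-default pattern from the post, as an added example that is not part of the original post or of CodeIgniter: the URI segment is treated as untrusted, used only as a bound parameter, and replaced by the name stored in the database before anything else sees it. It assumes a stand-alone PDO/SQLite in-memory table in place of the `pricing_plan` model; the table `pricing_plans` and the function `resolve_plan` are hypothetical names.

```php
<?php
// Added example, not from the thread. A PDO/SQLite stand-in for the
// pricing_plan model; table, column and function names are assumptions.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pricing_plans (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO pricing_plans (name) VALUES ('basic'), ('pro')");

/**
 * Resolve a URI segment to a plan name that exists in the table.
 * The segment is only ever a bound parameter, and the value returned is
 * the stored name, never the caller's string.
 */
function resolve_plan(PDO $db, $segment)
{
    if (is_string($segment) && $segment !== '') {
        $stmt = $db->prepare('SELECT name FROM pricing_plans WHERE name = :name');
        $stmt->execute([':name' => $segment]);
        $name = $stmt->fetchColumn();
        if ($name !== false) {
            return $name;
        }
    }
    // Unknown or missing plan: default to the first plan, as the post does.
    return $db->query('SELECT name FROM pricing_plans ORDER BY id LIMIT 1')
              ->fetchColumn();
}

// Constructed sample segments, including hostile ones.
$segments = [false, 'pro', "pro' OR '1'='1", '<script>alert(1)</script>'];

foreach ($segments as $segment) {
    $plan = resolve_plan($db, $segment);
    // Escape on output even though the value came from the database.
    printf("%-30s => %s\n",
        var_export($segment, true),
        htmlspecialchars($plan, ENT_QUOTES, 'UTF-8'));
}
```

Returning the stored name rather than the request value means later code, such as a view that echoes the plan, never handles the raw segment.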


Messages In This Thread
Can a URI var ever be malicious? - by El Forum - 04-19-2012, 10:00 AM
