Can a URI var ever be malicious?

#7
skunkbad
Chances are that you would be safe, but there's more to consider based on if $plan gets inserted into the HTML in the view. If $plan is an integer, typecast it as (int). If $plan is one of a series of strings, you could easily check that the value exists in an array using PHP's in_array() function. Active Record is good, so chances are you're not going to have any SQL injection, but like I said, if the value of $plan is going to be used in the HTML, that's where you need to make sure it's properly filtered.
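
The checks described in the post above, as an added example that is not part of the original post or of CodeIgniter: the helper names (`plan_from_segment`, `plan_id_from_segment`, `e`), the allow-list values and the sample segments are all assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not CodeIgniter API.

// Assumed allow-list of plan names (constructed for this example).
const ALLOWED_PLANS = ['free', 'basic', 'pro'];

/** Return the plan name if it is on the allow-list, otherwise null. */
function plan_from_segment($segment): ?string
{
    // Third argument forces strict comparison; loose in_array() lets 0 match 'free' on PHP < 8.
    return (is_string($segment) && in_array($segment, ALLOWED_PLANS, true)) ? $segment : null;
}

/** Return a positive integer id, or null if the segment is not purely digits. */
function plan_id_from_segment($segment): ?int
{
    // ctype_digit() rejects '42abc', which a bare (int) cast would silently turn into 42.
    if (!is_string($segment) || $segment === '' || !ctype_digit($segment)) {
        return null;
    }
    $id = (int) $segment;
    return $id > 0 ? $id : null;
}

/** Escape a value for an HTML text or quoted-attribute context in the view. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample segments, as they might arrive from the URI.
$samples = ['pro', 'PRO', '<b>pro</b>', '42', '42abc', '0'];

foreach ($samples as $raw) {
    $plan = plan_from_segment($raw);
    $id   = plan_id_from_segment($raw);
    printf(
        "%-12s plan=%-5s id=%-5s html=%s\n",
        $raw,
        $plan ?? 'null',
        $id ?? 'null',
        e($raw) // escaped even when validation fails, e.g. when echoed in an error message
    );
}
```

Validation decides whether the request proceeds; escaping is applied separately at the point where the value is written into the HTML.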


Messages In This Thread
Can a URI var ever be malicious? - by El Forum - 04-19-2012, 10:00 AM
Can a URI var ever be malicious? - by El Forum - 04-19-2012, 02:13 PM
Can a URI var ever be malicious? - by El Forum - 04-19-2012, 10:38 PM
Can a URI var ever be malicious? - by El Forum - 04-19-2012, 11:02 PM
Can a URI var ever be malicious? - by El Forum - 04-19-2012, 11:04 PM
Can a URI var ever be malicious? - by El Forum - 04-20-2012, 10:27 AM
Can a URI var ever be malicious? - by El Forum - 04-20-2012, 10:44 AM
