Can a URI var ever be malicious?
#7

skunkbad
Chances are that you would be safe, but there's more to consider based on if $plan gets inserted into the HTML in the view. If $plan is an integer, typecast it as (int). If $plan is one of a series of strings, you could easily check that the value exists in an array using PHP's in_array() function. Active Record is good, so chances are you're not going to have any SQL injection, but like I said, if the value of $plan is going to be used in the HTML, that's where you need to make sure it's properly filtered.
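
The three checks from the post above (integer handling, allowlist lookup, escaping before HTML output), as an added example that is not part of the original thread. The function names and plan values are hypothetical; the integer check uses filter_var() rather than a bare (int) cast so that malformed input is rejected instead of silently coerced.

```php
<?php
// Added illustration; function names and plan values are hypothetical.

const ALLOWED_PLANS = ['basic', 'pro', 'enterprise']; // constructed sample values

/** Integer case: accept only a whole decimal number >= 1, else null. */
function plan_id_from_segment(string $segment): ?int
{
    // A bare (int) cast turns "12abc" into 12 and "abc" into 0,
    // so validate the whole string instead of coercing it.
    $id = filter_var($segment, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** String case: accept only values on the allowlist, else null. */
function plan_name_from_segment(string $segment): ?string
{
    // Third argument true forces strict comparison (no type juggling).
    return in_array($segment, ALLOWED_PLANS, true) ? $segment : null;
}

/** Output case: escape for HTML text or a quoted attribute value. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample segments, standing in for values taken from the URI.
$samples = ['pro', '42', '12abc', '<b>pro</b>', ''];

foreach ($samples as $raw) {
    $id   = plan_id_from_segment($raw);
    $name = plan_name_from_segment($raw);
    // Escape at the point of output, even for values that failed validation
    // and are only being echoed back in an error message.
    printf(
        "<li>raw=%s id=%s name=%s</li>\n",
        e($raw),
        $id === null ? 'rejected' : (string) $id,
        $name === null ? 'rejected' : e($name)
    );
}
```

Validation decides whether the request proceeds; escaping is applied separately at output time and depends on where the value lands (HTML body, attribute, JavaScript, URL).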




