query_string test and strip.
| Could someone give me the topics to look up on php.net, to be able to work
out how to remove stuff added to a query_string?
I wish to check $QUERY_STRING, and remove any user added extras.
TIA
PhilM
| |
| J.O. Aho 2004-10-21, 3:57 pm |
| PhilM wrote:
> Could someone give me the topics to look up on php.net, to be able to work
> out how to remove stuff added to a query_string?
>
> I wish to check $QUERY_STRING, and remove any user added extras.
use explode() where & is the divider, then remove the index from the array
that you don't want to keep and then implode the rest of the array back.
//Aho
| |
|
|
"J.O. Aho" <user@example.net> wrote in message
news:2tq9ctF22i48gU1@uni-berlin.de...
> PhilM wrote:
>
> use explode() where & is the divider, then remove the index from the array
> that you don't want to keep and then implode the rest of the array back.
>
>
> //Aho
so, if my url including $QUERY_STRING looks like
/www.webhost/index.php?gallery&
$test=explode('&',$QUERY_STRING);
$QS=$test[0];
and then use $QS to determine, thru a switch statement, which content to
serve, would that be enough to prevent malicious/accidental fiddling?
Or would I be better comparing $QUERY_STRING for known permissible values,
and then setting and using $QS with the value detected?
(it's late 4:10 am... sorry if this is a daft Q)
| |
| J.O. Aho 2004-10-22, 3:55 am |
| PhilM wrote:
> "J.O. Aho" <user@example.net> wrote in message
> news:2tq9ctF22i48gU1@uni-berlin.de...
>
> so, if my url including $QUERY_STRING looks like
>
> /www.webhost/index.php?gallery&
>
> $test=explode('&',$QUERY_STRING);
> $QS=$test[0];
>
> and then use $QS to determine, thru a switch statement, which content to
> serve, would that be enough to prevent malicious/accidental fiddling?
>
> Or would I be better comparing $QUERY_STRING for known permissible values,
> and then setting and using $QS with the value detected?
>
> (it's late 4:10 am... sorry if this is a daft Q)
>
>
I guess picking out those statements that are allowed should be easiest, pick
them out from your $test and push them into $QS.
//Aho
| |
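Added example (not written by any poster in this thread): the allow-list approach discussed above, where the first query-string token is compared against known values and anything else falls back to a default. The page names other than `gallery`, the default page and the function name `select_page` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical page names for this example; the thread only mentions "gallery".
const ALLOWED_PAGES = ['home', 'gallery', 'contact'];
const DEFAULT_PAGE  = 'home';

/**
 * Return the allow-listed page selected by a raw query string such as
 * "gallery&extra=1". Anything after the first "&" is ignored, and a first
 * token that is not on the allow-list falls back to the default page.
 */
function select_page(string $queryString): string
{
    // Keep only the first token, as in the thread's explode() approach.
    $first = explode('&', $queryString, 2)[0];
    // Drop an "=value" part so "gallery=1" still selects "gallery".
    $name = rawurldecode(explode('=', $first, 2)[0]);

    // Strict comparison against known values: the string returned is always
    // one of our own constants, never bytes taken from the request.
    $index = array_search($name, ALLOWED_PAGES, true);
    return $index === false ? DEFAULT_PAGE : ALLOWED_PAGES[$index];
}

// $QUERY_STRING as a global depends on register_globals; read it from $_SERVER.
// $page is now safe to use in a switch statement or to build a file name.
$page = select_page($_SERVER['QUERY_STRING'] ?? '');

// Constructed sample inputs showing what survives the check.
$samples = ['gallery&', 'gallery&admin=1', 'GALLERY', '../../etc/passwd', ''];
foreach ($samples as $qs) {
    printf("%-20s -> %s\n", var_export($qs, true), select_page($qs));
}
```

Taking `$test[0]` alone only discards the extra parameters; the first token is still whatever the client sent, which is why the comparison against known values is the step that matters.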
|
| Cheers for that
Regards, PhilM