
Jani Hartikainen's Blog:
Did you think your site validated input properly? Think again!
October 22, 2009 @ 12:42:48

Jani Hartikainen has posted a reminder for all developers to filter their incoming data. He points out a specific issue with arrays.

You've written a PHP based web app, and you've made sure it doesn't cause errors if the user submits unexpected values via any URLs or forms. But there's something you quite likely forgot to test: What if the data that's expected to be a singular value happens to be an array? If you assumed a GET or POST parameter will never be an array, your site probably joined the ranks of several high-profile sites that go into funny-mode when given unexpected arrays...

He gives an example exploit showing how PHP handles array parameters, both in plain PHP and in the Zend Framework, and how such values could be interpreted by your script and used to inject data into it.
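The script below is an added example, not code from Jani Hartikainen's post: it shows a common presence check accepting an array where a string was expected, next to an accessor that rejects anything that is not a string of the expected shape. The `username` parameter, the sample query strings, and the helper names `naive_check` and `get_scalar_param` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed query strings. parse_str() applies the same bracket syntax
// rules PHP uses when it populates $_GET and $_POST.
$samples = [
    'username=alice',        // the scalar value the code expects
    'username[]=alice',      // parsed as a list with one element
    'username[role]=admin',  // parsed as an associative array
    'other=1',               // parameter missing entirely
];

// Typical presence check: passes for any non-empty value, arrays included.
function naive_check(array $params): bool
{
    return isset($params['username']) && $params['username'] !== '';
}

// Hardened accessor (hypothetical helper): returns the value only when it
// is a string matching the expected pattern, otherwise null.
function get_scalar_param(array $params, string $key, string $pattern): ?string
{
    $value = $params[$key] ?? null;
    if (!is_string($value)) {
        return null; // arrays and missing keys are rejected up front
    }
    return preg_match($pattern, $value) === 1 ? $value : null;
}

foreach ($samples as $query) {
    parse_str($query, $params);
    $type  = gettype($params['username'] ?? null);
    $naive = naive_check($params) ? 'accept' : 'reject';
    $safe  = get_scalar_param($params, 'username', '/\A[a-z0-9_]{1,32}\z/') !== null
        ? 'accept' : 'reject';
    printf("%-22s type=%-6s naive=%s hardened=%s\n", $query, $type, $naive, $safe);
}
```

Both array-valued samples pass the naive check, so any later string function that receives the value is working on an array; the hardened accessor accepts only the first sample.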


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework