Thread: New PHP Script.. Test it out will ya?
11-29-2004, 03:59 PM
Dynamix
Quote:
Originally posted by iBOUNCER
OK, a few security concerns.
1) Looks like you're just pulling whatever file the user asks for. See:
http://www.dxan.com/cobra/image.php?...ges/header.gif
This is bad.
2) You are not validating input, equally bad; see:
http://www.dxan.com/cobra/model.php?...g%20input&id=1
You are escaping meta characters, which is a good thing.
Let me know if you need any help closing these things up.
Otherwise, looks cool.
Thanks for the input; both flaws have been fixed.
__________________
TGPFactory Full TGP Design & Installation Services
ICQ 250 142 484 · AIM TGPDynamix · Email: patrick (at) tgpfactory (dot) com
See who I am at AdultWhosWho.com!
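
The first concern in the quoted post (a script that returns whatever file the request names) is commonly closed by resolving the requested path and serving it only if it stays inside one image directory. The following is an added example, not the thread author's code or fix; the `file` parameter, the `images/` directory, the extension list and the function name `resolve_image_path` are assumptions, since the page truncates the real URLs.

```php
<?php
// Added example: hypothetical image.php-style handler. The "file" parameter,
// the images/ directory and the extension list are assumptions.

const ALLOWED_TYPES = [
    'gif'  => 'image/gif',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
];

/**
 * Return [absolute path, MIME type] for a requested image, or null when the
 * request is not a regular file of an allowed type inside $baseDir.
 */
function resolve_image_path(string $baseDir, string $requested): ?array
{
    // Reject empty input and embedded NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../", follows symlinks and fails on missing files.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // The resolved path must still sit under the base directory.
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Serve only known image types, with a MIME type chosen by the server.
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return isset(ALLOWED_TYPES[$ext]) ? [$real, ALLOWED_TYPES[$ext]] : null;
}

// Request handling (skipped when the file is run from the command line).
if (PHP_SAPI !== 'cli') {
    $requested = $_GET['file'] ?? '';
    $hit = is_string($requested) ? resolve_image_path(__DIR__ . '/images', $requested) : null;
    if ($hit === null) { http_response_code(404); exit; }
    [$path, $mime] = $hit;
    header('Content-Type: ' . $mime);
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}
```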