Old 02-28-2006, 06:28 PM  
SmokeyTheBear
►SouthOfHeaven
 
 
Join Date: Jun 2004
Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer
Posts: 28,609
Quote:
Originally Posted by Brujah
Smokey, just some info to pass along, in case you're interested.

You can look into preg_match to clean variables or test them also. Will come in especially handy if you learn regex's or know a little about them already.

www.php.net/preg_match

Code:
So then: page.php?test=filename.mpg would pass
but page.php?test=`cat /etc/passwd`;etc..whatever-movie.mpg would fail.

Code:
if( !preg_match('/^([A-Z0-9\ \-]+)\.mpg$/i',$_GET['test'],$m) ) {
        print '<span style="color:red">Test Failed. Not Allowing.</span>';
} else {            
        print '<span style="color:blue">Passed</span>: '.$m[0];            
}
Thanx, I'm a little new to PHP. Since you seem to be a little better, can I ask: the way I revised it will be fine, right? The way you did it is obviously better, but mine would work, right? Like, as far as not accepting dangerous code, it would just make the page invalid if someone tried x=filenam><br><hr><script>alert('hi')</script>. I tried a few combos, couldn't find anything that looked dangerous.

Like, using your method, if someone tried to introduce a bad string it would fail; using mine it wouldn't show bad stuff, but the page just might not work right..?
__________________
hatisblack at yahoo.com

Last edited by SmokeyTheBear; 02-28-2006 at 06:29 PM..
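An added example, not part of either post: the allowlist check quoted above, wrapped in a hypothetical `validate_movie_name()` helper and run over constructed inputs that include the two strings from the thread. It tightens two details of the quoted pattern: `\z` replaces `$`, which in PCRE also matches just before a trailing newline, and non-string input such as `page.php?test[]=x` is rejected before matching. It assumes PHP 7.1 or later.

```php
<?php
// Added example: hypothetical helper, not code from the thread.

/**
 * Return the validated file name, or null if the input is not acceptable.
 * Same allowlist as the quoted pattern (letters, digits, space, hyphen, then
 * ".mpg"), but anchored with \A and \z: a bare "$" also matches just before
 * a trailing newline, so "filename.mpg\n" would pass the quoted check.
 */
function validate_movie_name($input): ?string
{
    // page.php?test[]=x makes $_GET['test'] an array; reject non-strings.
    if (!is_string($input)) {
        return null;
    }
    if (preg_match('/\A[A-Z0-9 \-]+\.mpg\z/i', $input) !== 1) {
        return null;
    }
    return $input;
}

// Constructed sample inputs, including the two strings quoted in the thread.
$samples = [
    'filename.mpg',
    '`cat /etc/passwd`;etc..whatever-movie.mpg',
    "filenam><br><hr><script>alert('hi')</script>",
    "filename.mpg\n",                  // passes with "$", rejected with \z
    '../secret.mpg',
    ['array-instead-of-string.mpg'],   // what ?test[]=... produces
];

foreach ($samples as $sample) {
    // Make the newline visible in the report; arrays are shown as a marker.
    $shown = is_string($sample) ? addcslashes($sample, "\n") : '(array)';
    $name  = validate_movie_name($sample);
    // Escape on output as well, so even rejected input is safe to display.
    $safe  = htmlspecialchars($shown, ENT_QUOTES, 'UTF-8');
    printf("%-8s %s\n", $name === null ? 'REJECTED' : 'PASSED', $safe);
}
```

Only `filename.mpg` is reported as PASSED; every other sample, including the trailing-newline and array cases, is REJECTED.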