Quote:
Originally Posted by SmokeyTheBear
Thanks, I'm a little new to PHP. Since you seem to be a little better, can I ask: the way I revised it will be fine, right? The way you did it is obviously better, but mine would work, right? Like, as far as not accepting dangerous code, it would just make the page invalid if someone tried x=filenam><br><hr><script>alert('hi')</script>. I tried a few combos and couldn't find anything that looked dangerous.
Like, using your method, if someone tried to introduce a bad string it would fail; using mine it wouldn't show bad stuff, but the page just might not work right?
I'm not sure offhand if there's anything they could really do with this specific use. If you wanted, though, you could ...
REPLACE THIS:
Code:
$mov = $_GET['x'];
$mov = strip_tags($mov);
WITH THIS:
Code:
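// Accept only letters, digits, spaces and hyphens, followed by ".mpg"
if( isset($_GET['x']) && preg_match('/^([a-z0-9\ \-]+)\.mpg$/i',$_GET['x'],$m) ) {
    $mov = $m[0];
} else {
    $mov = null; // nothing valid was supplied, so do not use the raw value
}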
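Added example (not part of the original posts): the two approaches discussed above, run side by side over constructed values for `x`. The function name `validMovieName` and the `D` regex modifier are assumptions added here; the pattern itself is the one from the reply.

```php
<?php
// Added example: compare strip_tags() with the allowlist check on constructed inputs.

// Hypothetical helper wrapping the allowlist regex from the reply above.
// The D modifier is an addition: it stops "$" from matching before a trailing newline.
function validMovieName($raw): ?string
{
    if (!is_string($raw)) {
        return null; // e.g. ?x[]=... arrives as an array, not a string
    }
    if (preg_match('/^[a-z0-9 \-]+\.mpg$/iD', $raw, $m) === 1) {
        return $m[0];
    }
    return null;
}

// Constructed sample values standing in for $_GET['x'].
$samples = [
    'holiday-2004.mpg',                              // expected shape
    "filenam><br><hr><script>alert('hi')</script>",  // string from the question
    'clip".mpg',                                     // double quote is not a tag
    'dir/clip.mpg',                                  // path separator is not a tag
    "clip.mpg\n",                                    // trailing newline
    ['clip.mpg'],                                    // array instead of string
];

foreach ($samples as $raw) {
    // strip_tags() only accepts strings, so guard the array case for the comparison.
    $stripped = is_string($raw) ? strip_tags($raw) : '(not a string)';
    $checked  = validMovieName($raw);
    printf(
        "input=%s\n  strip_tags => %s\n  allowlist  => %s\n",
        json_encode($raw),
        json_encode($stripped),
        $checked === null ? 'rejected' : json_encode($checked)
    );
}
```

strip_tags() only removes markup, so characters that are not part of a tag pass through unchanged, while the allowlist returns a value only when the whole string fits the expected file-name shape.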