New Topic/Question
Reply
Hi,
I'm having some trouble getting some PHP to work and wanted to confirm the below.
Is it ok to have a concatenated key when accessing $_POST?
For example, I might have a FOR loop in which $i is the variable incremented. Then, can I access $_POST['book1'], $_POST['book2'], etc. by putting in each loop:
$_POST['book'.strval($i)]
?
In case it is useful, the $_POST value is being used in a mysql INSERT query, which doesn't seem to be working.
Thanks for the feedback! (:
6 Replies - 442 Views - Last Post: 05 August 2009 - 12:41 PM
Rate Topic:
#1
cosmicappuccino
- New D.I.C Head
Reputation: 3
- Posts: 25
- Joined: 23-December 08
accessing $_POST with concatenated key
Posted 05 August 2009 - 09:41 AM
Is This A Good Question/Topic?
0
MultiQuoteReplies To: accessing $_POST with concatenated key
#2
gregwhitworth
- Tired.
-
Reputation: 200
- Posts: 1,561
- Joined: 20-January 09
Re: accessing $_POST with concatenated key
Posted 05 August 2009 - 09:55 AM
Yeah - I don't see why not. But why would you do the following:
That would produce book1, book2, etc...
But for security reasons, have you cleaned/sterilized your data before inserting it?
--
Greg
$_POST['book' . $i];
That would produce book1, book2, etc...
But for security reasons, have you cleaned/sterilized your data before inserting it?
--
Greg
This post has been edited by gregwhitworth: 05 August 2009 - 09:55 AM
Was This Post Helpful?
0
#3
cosmicappuccino
- New D.I.C Head
Reputation: 3
- Posts: 25
- Joined: 23-December 08
Re: accessing $_POST with concatenated key
Posted 05 August 2009 - 11:05 AM
Thanks for the answer, Greg!
As for the sterilization -- what would you normally recommend doing before inserting data? In this particular case, the variables will be alphanumeric only, but I'm not totally clear on this issue so would appreciate any guidelines for future use.
Thanks again,
As for the sterilization -- what would you normally recommend doing before inserting data? In this particular case, the variables will be alphanumeric only, but I'm not totally clear on this issue so would appreciate any guidelines for future use.
Thanks again,
Was This Post Helpful?
0
#4
Wimpy
- R.I.P. ( Really Intelligent Person, right? )
-
Reputation: 159
- Posts: 1,038
- Joined: 02-May 09
Re: accessing $_POST with concatenated key
Posted 05 August 2009 - 11:11 AM
You should always check if the received data contains only what you expect, in this case alphanumerics, you could use ctype_alnum() or the preg_match() functions. You always also escape the data, preferably with some native function like mysql_real_escape_string() for MySQL databases! 
cosmicappuccino, on 5 Aug, 2009 - 08:05 PM, said:
Thanks for the answer, Greg!
As for the sterilization -- what would you normally recommend doing before inserting data? In this particular case, the variables will be alphanumeric only, but I'm not totally clear on this issue so would appreciate any guidelines for future use.
Thanks again,
As for the sterilization -- what would you normally recommend doing before inserting data? In this particular case, the variables will be alphanumeric only, but I'm not totally clear on this issue so would appreciate any guidelines for future use.
Thanks again,
Was This Post Helpful?
0
#5
gregwhitworth
- Tired.
-
Reputation: 200
- Posts: 1,561
- Joined: 20-January 09
Re: accessing $_POST with concatenated key
Posted 05 August 2009 - 11:16 AM
Even still, if the user is allowed to input data into your SQL database without you sterilizing it - you have the capability of having your data hacked.
http://www.dreaminco...wtopic37214.htm
Read up on it a little, you want to do as much as you can to be secure. I still am working on maintaining security in my user inputted values, but it is a practice that you should learn, and learn early.
http://www.dreaminco...wtopic37214.htm
Read up on it a little, you want to do as much as you can to be secure. I still am working on maintaining security in my user inputted values, but it is a practice that you should learn, and learn early.
Was This Post Helpful?
0
#6
cosmicappuccino
- New D.I.C Head
Reputation: 3
- Posts: 25
- Joined: 23-December 08
Re: accessing $_POST with concatenated key
Posted 05 August 2009 - 12:22 PM
Thanks a lot, both of you. That's really helpful (:
Was This Post Helpful?
0
#7
Wimpy
- R.I.P. ( Really Intelligent Person, right? )
-
Reputation: 159
- Posts: 1,038
- Joined: 02-May 09
Re: accessing $_POST with concatenated key
Posted 05 August 2009 - 12:41 PM
No problem, note that you shouldn't only consider protecting yourself against sql injections since that is just one of a thousand different threats, but, it the end, everything ends up in validating incoming data and auth'ing users (authenticating and authorizing)!
Here's a link to some links you could follow to read up on, I haven't read them myself yet, to be honest:
http://en.wikipedia....curity_exploits
Here's a link to some links you could follow to read up on, I haven't read them myself yet, to be honest:
http://en.wikipedia....curity_exploits
This post has been edited by Wimpy: 05 August 2009 - 12:43 PM
Was This Post Helpful?
0
Page 1 of 1
|
|
| 