Differences

This shows you the differences between two versions of the page.


en:entwickler:uebergabevariablen_pruefen [2015/11/04 14:17] – created thomas-rcv
en:entwickler:uebergabevariablen_pruefen [2016/12/03 14:57] (current) – typos and urls and codestyle ximex
Line 3: Line 3:
 Passing to PHP scripts can be easily manipulated by attackers. For this purpose, only the URL must be manipulated in accordance with the variable in the browser. For this reason it is very important that all passed variables are tested prior to use in the script to appropriate values. Passing to PHP scripts can be easily manipulated by attackers. For this purpose, only the URL must be manipulated in accordance with the variable in the browser. For this reason it is very important that all passed variables are tested prior to use in the script to appropriate values.
  
-Admidio generally handles all passed **$ _ GET** and **$ _ POST** variables with the functions [[http://de2.php.net/manual/de/function.strip-tags.php|strip_tags]] and [[http://de2.php.net/manual/de/function.addslashes.php|addslashes]]. Thus it is not possible on the one hand to put HTML code in a variable, and on other side perform SQL injection.+Admidio generally handles all passed **$_GET** and **$_POST** variables with the functions [[https://secure.php.net/manual/en/function.strip-tags.php|strip_tags]] and [[https://secure.php.net/manual/en/function.addslashes.php|addslashes]]. Thus it is not possible on the one hand to put HTML code in a variable, and on other side perform SQL injection.
  
-To test the passed variable the function **admFuncvariableIsValid ** is available. The values of passed values should then be assigned to a new local variable with the prefix **get _**. Does the passed variable has the name ** $ _ GET ['headline'] **, so the local variable should be namend  ** $get_headline**. So you can see in the code directly that the value comes from a passed variable and you handle the content optionally careful.+To test the passed variable the function **admFuncvariableIsValid ** is available. The values of passed values should then be assigned to a new local variable with the prefix **get**. Does the passed variable has the name **$_GET['headline']**, so the local variable should be named **$getHeadline**. So you can see in the code directly that the value comes from a passed variable and you handle the content optionally careful.
  
 ===== Function admFuncVariableIsValid ===== ===== Function admFuncVariableIsValid =====
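Review bot: the sentence "Thus it is not possible on the one hand to put HTML code in a variable, and on other side perform SQL injection" is carried over unchanged by the '+' line and overstates what the two functions give you; addslashes only escapes quotes, backslashes and NUL, so a value that is interpolated unquoted (for example into a numeric column comparison) or handled under a multibyte connection charset is not protected by it, and strip_tags is not an HTML output encoder. Suggest rewording to "makes it harder to" and pointing readers to the type check with admFuncVariableIsValid as the check they must actually rely on. Two smaller points on the same '+' line: the function is still spelled **admFuncvariableIsValid ** (lowercase v, stray space before the closing bold) while the heading right below uses admFuncVariableIsValid, and "Does the passed variable has the name" should read "If the passed variable has the name".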
Line 28: Line 28:
 === Examples === === Examples ===
 <code php>// Number, which is optionally initialized to 0 <code php>// Number, which is optionally initialized to 0
-$get_dat_id = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', 0);+$getDatId = admFuncVariableIsValid($_GET, 'dat_id', 'numeric', 0);
  
 // Text which is optionally initialized with DAT_DATES // Text which is optionally initialized with DAT_DATES
-$get_headline = admFuncVariableIsValid($_GET, 'headline', 'string', $gL10n->get('DAT_DATES'));+$getHeadline = admFuncVariableIsValid($_GET, 'headline', 'string', $gL10n->get('DAT_DATES'));
  
 // Text which is optionally initialized with 'actual' and only the values 'actual' and 'old' must be included // Text which is optionally initialized with 'actual' and only the values 'actual' and 'old' must be included
-$get_mode = admFuncVariableIsValid($_GET, 'mode', 'string', 'actual', false, array('actual', 'old'));</code>+$getMode = admFuncVariableIsValid($_GET, 'mode', 'string', 'actual', false, array('actual', 'old'));</code>
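Review bot: the renames match the camelCase convention introduced in the paragraph above, but the third example passes a bare positional `false` in front of the allowed-values array with nothing saying which parameter it is, so a reader copying `$getMode = admFuncVariableIsValid($_GET, 'mode', 'string', 'actual', false, array('actual', 'old'));` cannot tell what they are switching off; suggest naming the parameter in the comment line that precedes it. That comment, "only the values 'actual' and 'old' must be included", also reads better as "only the values 'actual' and 'old' are accepted".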
  • en/entwickler/uebergabevariablen_pruefen.txt
  • Last modified: 2016/12/03 14:57
  • by ximex