Differences
This shows you the differences between two versions of the page.
en:entwickler:uebergabevariablen_pruefen [2015/11/04 14:17] – created thomas-rcv | en:entwickler:uebergabevariablen_pruefen [2016/12/03 14:57] (current) – typos and urls and codestyle ximex | ||
---|---|---|---|
Line 3: | Line 3: | ||
Passing to PHP scripts can be easily manipulated by attackers. For this purpose, only the URL must be manipulated in accordance with the variable in the browser. For this reason it is very important that all passed variables are tested prior to use in the script to appropriate values. | Passing to PHP scripts can be easily manipulated by attackers. For this purpose, only the URL must be manipulated in accordance with the variable in the browser. For this reason it is very important that all passed variables are tested prior to use in the script to appropriate values. | ||
- | Admidio generally handles all passed **$ _ GET** and **$ _ POST** variables with the functions [[http://de2.php.net/ | + | Admidio generally handles all passed **$_GET** and **$_POST** variables with the functions [[https://secure.php.net/ |
- | To test the passed variable the function **admFuncvariableIsValid ** is available. The values of passed values should then be assigned to a new local variable with the prefix **get _**. Does the passed variable has the name ** $ _ GET [' | + | To test the passed variable the function **admFuncvariableIsValid ** is available. The values of passed values should then be assigned to a new local variable with the prefix **get**. Does the passed variable has the name **$_GET[' |
===== Function admFuncVariableIsValid ===== | ===== Function admFuncVariableIsValid ===== | ||
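Review bot: the rewritten sentence in the "Line 3" hunk still spells the function as **admFuncvariableIsValid ** (lowercase "v" and a trailing space inside the bold markers), which does not match the heading "Function admFuncVariableIsValid" directly below it. This is the validation function developers are told to use for every passed **$_GET** and **$_POST** value, so the name should be written exactly as in the heading so that it can be copied and searched for. The same line also leaves the grammar of "Does the passed variable has the name" uncorrected, although the revision is labelled as a typo fix.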
Line 28: | Line 28: | ||
=== Examples === | === Examples === | ||
<code php>// Number, which is optionally initialized to 0 | <code php>// Number, which is optionally initialized to 0 | ||
- | $get_dat_id | + | $getDatId |
// Text which is optionally initialized with DAT_DATES | // Text which is optionally initialized with DAT_DATES | ||
- | $get_headline | + | $getHeadline |
// Text which is optionally initialized with ' | // Text which is optionally initialized with ' | ||
- | $get_mode | + | $getMode |
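Review bot: the three renamed assignments in the "Line 28" hunk ($get_dat_id to $getDatId, $get_headline to $getHeadline, $get_mode to $getMode) follow a camelCase rule that the prose never states; the "Line 3" hunk only says the local variable gets the prefix **get**. Suggest adding one sentence to the text that says how the rest of the name is formed after the prefix, so that readers can tell a validated local copy from the raw request value by its name alone and do not fall back to the old $get_ style.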