Bit of a beginner question :p

Soldato · Joined 2 May 2004 · Posts 19,943
Hi,

This is very noobish of me, from what I can see this is perfectly safe. I just wanted something simple to help keep the php file numbers to a minimum and nice & neat. Just want my script to be as secure as possible :)

I can't see any security exploits in this, & I really don't think the strip_tags is necessary, is it?

The code:
Code:
<?php

// Use isset() so an absent ?page= parameter does not raise a notice.
$mode = isset($_GET['page']) ? $_GET['page'] : '';

if(empty($mode))
{
	echo 'This is the page that\'s shown if there\'s no mode specified';
}

else if($mode == "edit")
{
	echo 'This is the page that\'s shown if "editprofile" is in mode';
}

else if($mode == "view")
{
	echo 'This page will show someones profile with &uid=id';
}

else
{
	// If none of the above or something invalid is entered then redir to this file which will show the default page.
	header("Location: ddd.php");
	// Stop here so nothing after the redirect header is executed or sent.
	exit;
}

?>
 
Soldato (OP) · Joined 2 May 2004 · Posts 19,943
Good point lol, sometimes I make things longer and harder for myself :(

Ok, I edited it out. Is there no way the above can be exploited then?

Craig.
 
Soldato (OP) · Joined 2 May 2004 · Posts 19,943
Ok, I did this:

Code:
<?php

// isset() avoids a notice when ?page= is missing; the empty string then hits default.
switch (isset($_GET['page']) ? $_GET['page'] : ''):

// Case labels must be quoted strings; bare page1 would be treated as an undefined constant.
case 'page1':
   echo "page1";
   break;

case 'page2':
   echo "page2";
   break;

case 'page3':
   echo "page3";
   break;

default:
   echo "default page";
   
endswitch;

?>

That all looking good and safe? I can't see any way to exploit that myself, but there could be some complicated way. You never know!

Craig.
 
Soldato · Joined 12 Apr 2004 · Posts 11,788 · Location Somewhere
Looks fine to me. As long as you're not using any user-derived data directly for output/headers or querying with no sanitation, then it should be safe.

Also, for the sake of consistency, I'd recommend you use C-style syntax for switch-statements:
Code:
switch ($foo)
{
    case "bar":
        // stuff
        break;
    default:
        // stuff
        break;
}
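To make Inquisitor's rule concrete, here is an added example (written for this page, not code from Craig's script or from any of the posters) of the same "several pages in one file" dispatcher, where the request value is only ever used as a lookup key against a fixed list of page names and the one user-derived value that is echoed (the &uid=id from the first post) is cast and escaped first. The function names dispatch(), render_view() and the PAGES list are assumptions made for the illustration; the sample requests at the bottom are constructed so the file can be run from the command line without a web server.

```php
<?php
// Added example: whitelist-based page dispatcher. Not the thread's own code.
declare(strict_types=1);

// Fixed list of pages this file knows how to render. A value not in this list
// never reaches output, a header or a query; it simply falls through to the
// redirect. (Assumed page names for the illustration.)
const PAGES = ['edit', 'view'];

function render_default(): string {
    return "This is the page that's shown if there's no mode specified";
}

function render_edit(): string {
    return 'This is the edit profile page';
}

// "view" takes &uid=id. The id is user-derived: cast to int so only a number
// survives, then escape before echoing, which is the habit for anything that
// ends up inside HTML (the cast already makes this particular value safe).
function render_view(array $get): string {
    $uid = isset($get['uid']) ? (int) $get['uid'] : 0;
    if ($uid <= 0) {
        return 'No valid uid supplied';
    }
    return 'Profile of user ' . htmlspecialchars((string) $uid, ENT_QUOTES, 'UTF-8');
}

// Returns the page body, or null when the caller should redirect to the default page.
function dispatch(array $get): ?string {
    // Only accept a plain string; ?page[]=x arrives as an array and is rejected.
    $page = (isset($get['page']) && is_string($get['page'])) ? $get['page'] : '';

    if ($page === '') {
        return render_default();
    }
    // Strict comparison: the value must exactly equal one of the listed names.
    if (!in_array($page, PAGES, true)) {
        return null;
    }
    switch ($page) {
        case 'edit':
            return render_edit();
        case 'view':
            return render_view($get);
    }
    return null; // unreachable because of the whitelist check above
}

if (PHP_SAPI === 'cli') {
    // Constructed sample requests: run with `php dispatch.php` to see each outcome.
    $samples = [
        [],
        ['page' => 'edit'],
        ['page' => 'view', 'uid' => '42'],
        ['page' => 'view', 'uid' => '42<b>x</b>'],  // cast strips the trailing junk
        ['page' => 'settings'],                      // not whitelisted -> redirect
        ['page' => ['edit']],                        // array, not a string -> redirect
    ];
    foreach ($samples as $get) {
        $body = dispatch($get);
        echo json_encode($get), ' => ', $body ?? '(redirect to default page)', PHP_EOL;
    }
} else {
    $body = dispatch($_GET);
    if ($body === null) {
        // Fixed target, no request data in the header, and exit so nothing
        // after the redirect is executed or sent to the client.
        header('Location: ddd.php');
        exit;
    }
    echo $body;
}
```

The design choice worth noting is that the switch never compares against raw request data at all: the whitelist check decides first, and the switch only routes values that are already known to be one of the listed names. That is what keeps the dispatcher safe even if more pages are added later, as long as each new name is added to the list rather than read from the request.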
 
Soldato (OP) · Joined 2 May 2004 · Posts 19,943
Inquisitor said:
Looks fine to me. As long as you're not using any user-derived data directly for output/headers or querying with no sanitation, then it should be safe.

Also, for the sake of consistency, I'd recommend you use C-style syntax for switch-statements:
Code:
switch ($foo)
{
    case "bar":
        // stuff
        break;
    default:
        // stuff
        break;
}

Thanks :)

Also, it's just to keep it so I can basically have multiple pages within one file so I don't have to have tons of files, makes it look neater ;)

Thanks for the help everyone :)
 