At 07:26 AM 8/12/2008, [EMAIL PROTECTED] wrote:
Hello David,

> So what exactly does the parameter Mode do? Isn't this line showing that a
> parameter with value got passed to a script with GET? In that case, which
> input validation / processing do your scripts have?

> David
> _______________________________________________

Indeed, it was a GET passed directly through the browser as a URL. At
first I didn't understand where it came from because the "selector" is
a link not a form. When you click on the link on the index page, it

Always, always, always sanitize input from the user. These hackers will screen scrape web pages to get interesting looking links/forms and then send them directly to your script trying to break it.

I usually check for certain strings, like "http://" and "ftp://", in the $_GET and $_POST arrays and reject the attempt if they are present. I also automatically ban the IP via my firewall program so they can't get in again.

Ken
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
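An added example, not Ken's or David's code, putting the two checks from this thread into one PHP request gate: Ken's scan of $_GET/$_POST for smuggled URLs, plus an allowlist for the Mode parameter David asked about. The mode names "list", "view" and "edit" are assumed.

```php
<?php
// Added example (not from the thread): a request-input gate for a PHP script
// that takes a "Mode" parameter. Assumed valid modes: list, view, edit.

// Ken's check: reject any GET/POST value carrying a remote URL.
// Recurses because PHP builds nested arrays from keys like a[b]=value.
function containsRemoteUrl($value): bool
{
    if (is_array($value)) {
        foreach ($value as $item) {
            if (containsRemoteUrl($item)) {
                return true;
            }
        }
        return false;
    }
    // Case-insensitive so "HTTP://" and "Ftp://" are caught as well.
    return (bool) preg_match('#(?:https?|ftp)://#i', (string) $value);
}

// Allowlist for Mode: anything not on the list is rejected outright,
// so the script never dispatches on an attacker-chosen string.
function validMode($mode, array $allowed = ['list', 'view', 'edit']): ?string
{
    return (is_string($mode) && in_array($mode, $allowed, true)) ? $mode : null;
}

foreach ([$_GET, $_POST] as $params) {
    if (containsRemoteUrl($params)) {
        // Log the source address so the firewall ban Ken describes can act on it.
        error_log('rejected request with remote URL from ' . ($_SERVER['REMOTE_ADDR'] ?? '?'));
        http_response_code(400);
        exit('Bad request');
    }
}

$mode = validMode($_GET['Mode'] ?? null);
if ($mode === null) {
    http_response_code(400);
    exit('Bad request');
}
// Dispatch on $mode from here on, never on the raw $_GET['Mode'].
```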
