Hello,
One way to enforce this is to do (example):
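// Allow-list of the values the mode parameter may take
$validMode = array('last' => 'last', 'first' => 'first', 'all' => 'all');
$mode = isset($_GET['mode']) ? $_GET['mode'] : null;
if (!is_string($mode) || !isset($validMode[$mode])) { /* bad input */ }
else
    $sqlWhere = $validMode[$mode];  // only a value taken from the list is used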
Which is essentially enforcing a white list.
There are a ton of permutations of this type of validation. It obviously
won't work for a form field or something, where the input is truly random
and dynamic, but for fixed values, it works fine.
- Ben
[EMAIL PROTECTED] wrote:
"So what exactly does the parameter Mode do? "
Normally, Mode= takes query parameters like "latest" or "featured"
member for sorting to select the correct display values. One of the
"correct" script generated calls is "index.php?Mode=last&Sex=all"
which tells the script to do a select for the latest members, both
male and female. This will display a block containing thumbnails of
members who meet the selection criteria.
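
The allow-list lookup from the reply above, applied to the index.php?Mode=last&Sex=all request described in the quoted message. This is an added example, not code from the thread or from the script being discussed; the members table, its columns, and the 'first', 'm' and 'f' keys are assumptions.

```php
<?php
// Added example. Column/table names and the 'first', 'm', 'f' keys are
// assumptions; the thread itself only shows Mode=last and Sex=all.
const MODE_ORDER = ['last' => 'joined_at DESC', 'first' => 'joined_at ASC'];
const SEX_FILTER = ['all' => null, 'm' => 'm', 'f' => 'f']; // null = no filter

// Return the fixed fragment mapped to a request value, or throw if the value
// is missing, not a string (e.g. ?Mode[]=last), or not on the list.
function allowListed(array $request, string $name, array $allowed): ?string
{
    $value = $request[$name] ?? null;
    // array_key_exists, not isset: isset() is false for the null under 'all'.
    if (!is_string($value) || !array_key_exists($value, $allowed)) {
        throw new InvalidArgumentException("bad value for $name");
    }
    return $allowed[$value];
}

// Build the thumbnail query: ORDER BY comes only from MODE_ORDER, and the
// sex value (already allow-listed) is still passed as a bound parameter.
function buildMemberQuery(array $request): array
{
    $orderBy = allowListed($request, 'Mode', MODE_ORDER);
    $sex     = allowListed($request, 'Sex', SEX_FILTER);
    $sql     = 'SELECT id, thumbnail FROM members';
    $params  = [];
    if ($sex !== null) {
        $sql .= ' WHERE sex = ?';
        $params[] = $sex;
    }
    return ["$sql ORDER BY $orderBy LIMIT 12", $params];
}

// Constructed requests standing in for $_GET.
$samples = [
    ['Mode' => 'last', 'Sex' => 'all'],
    ['Mode' => 'first', 'Sex' => 'f'],
    ['Mode' => "last' OR '1'='1", 'Sex' => 'all'],
    ['Mode' => ['last'], 'Sex' => 'all'],
    ['Sex' => 'all'],
];
foreach ($samples as $request) {
    try {
        [$sql, $params] = buildMemberQuery($request);
        echo $sql, ' ', json_encode($params), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The request text never becomes part of the SQL string: it is used only as an array key, so the last three constructed requests are rejected before any query is built.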
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk