Bytes IT Community

query_string test and strip.

Could someone give me the topics to look up on php.net, to be able to work
out how to remove stuff added to a query_string?

I wish to check $QUERY_STRING, and remove any user added extras.

TIA

PhilM
Jul 17 '05 #1
5 Replies


PhilM wrote:
> Could someone give me the topics to look up on php.net, to be able to work
> out how to remove stuff added to a query_string?
>
> I wish to check $QUERY_STRING, and remove any user added extras.

Use explode() where & is the divider, then remove the index from the array
that you don't want to keep and then implode the rest of the array back.
//Aho
Jul 17 '05 #2

[alt.* removed from Followup-To header!]
PhilM wrote:
> Could someone give me the topics to look up on php.net, to be able to work
> out how to remove stuff added to a query_string?

The query string parameters are automagically transferred to the super
global array $_GET
http://pt.php.net/manual/en/language...predefined.php

For example, the client asks for "http://server/page.php?id=13&page=8"
and the page.php script can use the $_GET array like this:

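<?php
// Default to 0 when the parameter is absent; intval() casts whatever the
// client sent to an integer, so only an integer ever reaches the output.
$id = 0;
if (isset($_GET['id'])) $id = intval($_GET['id']);

$page = 0;
if (isset($_GET['page'])) $page = intval($_GET['page']);

echo "You chose id=$id and page=$page. Thank you.";
?>
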
Other options include
String management:
http://www.php.net/manual/en/ref.strings.php

Regular expressions:
http://www.php.net/manual/en/ref.pcre.php
--
USENET would be a better place if everybody read:
http://www.expita.com/nomime.html
http://www.netmeister.org/news/learn2quote2.html
http://www.catb.org/~esr/faqs/smart-questions.html
Jul 17 '05 #3


"J.O. Aho" <us**@example.net> wrote in message
news:2t*************@uni-berlin.de...
> PhilM wrote:
>> Could someone give me the topics to look up on php.net, to be able to work
>> out how to remove stuff added to a query_string?
>>
>> I wish to check $QUERY_STRING, and remove any user added extras.
>
> use explode() where & is the divider, then remove the index from the array
> that you don't want to keep and then implode the rest of the array back.
> //Aho

so, if my url including $QUERY_STRING looks like

/www.webhost/index.php?gallery&

$test=explode('&',$QUERY_STRING);
$QS=$test[0];

and then use $QS to determine, thru a switch statement, which content to
serve, would that be enough to prevent malicious/accidental fiddling?

Or would I be better comparing $QUERY_STRING for known permissible values,
and then setting and using $QS with the value detected?

(it's late 4:10 am... sorry if this is a daft Q)
Jul 17 '05 #4

PhilM wrote:
> "J.O. Aho" <us**@example.net> wrote in message
> news:2t*************@uni-berlin.de...
>> PhilM wrote:
>>> Could someone give me the topics to look up on php.net, to be able to work
>>> out how to remove stuff added to a query_string?
>>>
>>> I wish to check $QUERY_STRING, and remove any user added extras.
>>
>> use explode() where & is the divider, then remove the index from the array
>> that you don't want to keep and then implode the rest of the array back.
>> //Aho
>
> so, if my url including $QUERY_STRING looks like
>
> /www.webhost/index.php?gallery&
>
> $test=explode('&',$QUERY_STRING);
> $QS=$test[0];
>
> and then use $QS to determine, thru a switch statement, which content to
> serve, would that be enough to prevent malicious/accidental fiddling?
>
> Or would I be better comparing $QUERY_STRING for known permissible values,
> and then setting and using $QS with the value detected?
>
> (it's late 4:10 am... sorry if this is a daft Q)

I guess picking out those statements that are allowed should be easiest: pick
them out from your $test and push them into $QS.
//Aho
Jul 17 '05 #5
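
The allow-list approach discussed in posts #4 and #5, as an added example that is not code from the thread. The page names and file names are hypothetical, and the raw string is meant to come from `$_SERVER['QUERY_STRING']` rather than the `$QUERY_STRING` global, which exists only when register_globals is enabled.

```php
<?php
// Added example, not code from the thread. Page and file names are hypothetical.
const ALLOWED_PAGES = ['home', 'gallery', 'contact'];
const DEFAULT_PAGE  = 'home';

/**
 * Return the allow-listed page named by the first query-string token,
 * or DEFAULT_PAGE when the token is missing or not on the list.
 */
function select_page(string $rawQuery): string
{
    // Same first step as in the thread: split on '&' and keep element 0,
    // so anything appended after the first '&' is ignored.
    $first = explode('&', $rawQuery, 2)[0];
    // Drop a "=value" part and decode %xx escapes, so "gallery=1" and
    // "g%61llery" are judged by the name they actually carry.
    $name = urldecode(explode('=', $first, 2)[0]);
    // Strict comparison against known values: the request only selects
    // one of our strings, it never supplies the string used afterwards.
    return in_array($name, ALLOWED_PAGES, true) ? $name : DEFAULT_PAGE;
}

// In a real script: $page = select_page($_SERVER['QUERY_STRING'] ?? '');
// Constructed sample inputs:
$samples = ['gallery&', 'gallery&extra=1', 'contact=x', 'GALLERY', '../config', ''];

foreach ($samples as $qs) {
    $page = select_page($qs);
    // The switch only ever sees a value from ALLOWED_PAGES.
    switch ($page) {
        case 'gallery': $file = 'gallery.php'; break;
        case 'contact': $file = 'contact.php'; break;
        default:        $file = 'home.php';
    }
    printf("%-20s -> %s (%s)\n", var_export($qs, true), $page, $file);
}
```

Inputs that are not an exact match, including a different letter case or path characters, fall back to the default page instead of reaching the switch.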

Cheers for that

Regards, PhilM
Jul 17 '05 #6
