sql - PHP GET must be filtered? -


i have page variables grabbed url via $_get['page'].

the question have is, due page setup, necessary filter variable if being used php switch grab page? example:

define('tab_id', 1100); define('page_id', 5005); define('title','goodies'); define('main',true); require_once "global.php";  if(!logged_in) {     header("location: ".www."/");     exit; }  if(!isset($_get['page'])){     $page = "badges"; } else {      $page = clean($_get['page']); }  $core->header(1); $core->header(2);  include(templates.'/generic-top.php');  switch($page){     default:     case "badges": {         include(templates.'/goodies/badges.php');                } }  include(templates.'/footer.php');

i have function named clean() used clean variable exploits, because variable not being used in queries of kind, switch(), necessary?

i'm not having problems current setup, i'm curious.

thank in advance!

nope. in fact, sanitising harmful, if happen have "page" has apostrophe in it, or whatever clean function affects (your switch fail)

what have here whitelist. haven't explicitly defined rejected.


Comments

Post a Comment

Popular posts from this blog

apache - Remove .php and add trailing slash in url using htaccess not loading css -

i have add following code htaccess file removing .php extension , add trailing slash urls. worked fine reduced page loading speed , css code not loading @ all. pages ugly. please help rewriteengine on rewritebase / ## hide .php extension snippet # externally redirect /dir/foo.php /dir/foo rewritecond %{the_request} ^[a-z]{3,}\s([^.]+)\.php [nc] rewriterule ^ %1/ [r,l] # add trailing slash rewritecond %{request_filename} !-f rewritecond %{request_uri} !/$ rewriterule . %{request_uri}/ [l,r=301] # internally forward /dir/foo /dir/foo.php rewritecond %{request_filename} !-d rewritecond %{request_filename}.php -f rewriterule ^(.*?)/?$ $1.php [l] we can rewrite urls using .htaccess files. before writing in .htaccess files need verify kind of server using. can check server adding a <?php phpinfo(); ?> in php page. ensure mod_rewrite module enabled in apache server. can identified checking phpinfo included page. common methods used url rewriting follows ...
Read more

javascript - jQuery show full size image on click -

pretty self explanatory not workking . i want display full image when user click on image... yes know there tons of plugins but i want keep simple. any idea ? css : .full { display: none; width: 500px; height: 500px; margin-left: 100px; margin-top: -300px; position: fixed; background-color: #f00; z-index: 6; } .thumbnail { width: 50px; height: 50px; } html: <img class="thumbnail" src="http://4.bp.blogspot.com/-uhbdp2esxng/txneptvi92i/aaaaaaaaaky/upfqis7zto0/s1600/rihanna-wallpaper.jpg"> jquery: $(document).ready(function() { $('.thumbnail').on('click', function() { var img = $('<img />',{src:this.src,'class':'full'}); $('.full').html(img).show(); console.log('done!'); }); }); try looking how jquery works. $(document).ready(function() { $('.thumbnail').on('click', function(...
Read more