What is happening, this should work.



influxer
08-29-2005, 04:39 PM
I have the following code in profile_add.php.



$code=$_GET['c'];

//check and see if propagated code is between 1-7 to prevent anything fishy
if($code && ($code!=1 || $code!=2 || $code!=3 || $code!=4 || $code!=5 || $code!=6 || $code!=7))
{
die('Invalid code. Please contact us if this problem persists.');
}


When I access this page as "profile_add.php?c=7" it is constantly executing the die() function!

How come?

Nightfire
08-29-2005, 05:09 PM
Better way to do that.


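// cast to an integer; non-numeric input becomes 0
$code = (int) $_GET['c'];

// reject anything outside 1-7, including 0 and negative numbers
if($code < 1 || $code > 7){
die('Invalid code. Please contact us if this problem persists.');
}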

influxer
08-29-2005, 05:13 PM
What is the int() in front of the GET command for?

Will it convert anything?

Nightfire
08-29-2005, 05:37 PM
Probably would be best to check if it's an integer instead of converting it I think.



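$code = isset($_GET['c']) ? $_GET['c'] : '';
// $_GET values are always strings, so is_int() would reject every request;
// ctype_digit() checks that the string contains only digits
if(!is_string($code) || !ctype_digit($code)){
die("Must be a numerical value");
}
if($code == '0' || $code >7){
die('Invalid code. Please contact us if this problem persists.');
}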


Basically, just checks to make sure the code is a numerical value and nothing else. Some people like to experiment with the urls to alter things and see what happens if they put text in a part that is only meant to have numbers, etc.
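Added example (not part of the original thread): the condition in the first post rejects every non-empty value because no value can equal all of 1 through 7 at once, so at least one `!=` in the `||` chain is always true; it also skips the check entirely when `c` is empty or "0". The script below evaluates that condition next to an allowlist check built on `filter_var()`. The function names and sample inputs are constructed for illustration.

```php
<?php
// The condition from the first post, isolated so it can be evaluated per input.
function original_rejects($code) {
    return $code && ($code != 1 || $code != 2 || $code != 3 || $code != 4
        || $code != 5 || $code != 6 || $code != 7);
}

// Allowlist check: returns the code as an int in 1..7, or null if invalid.
// (Hypothetical helper name, not from the thread.)
function parse_code($raw) {
    // Query parameters arrive as strings, or as arrays for ?c[]=7.
    // Anything that is not a string is rejected outright.
    if (!is_string($raw)) {
        return null;
    }
    // FILTER_VALIDATE_INT accepts only a whole integer, so "7abc" fails,
    // and the range options enforce the 1..7 bounds in the same call.
    $value = filter_var($raw, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1, 'max_range' => 7)));
    return $value === false ? null : $value;
}

// Constructed sample inputs, as they could appear in $_GET['c'].
$samples = array('7', '1', '0', '8', '-3', '7abc', 'abc', '', array('7'));

foreach ($samples as $raw) {
    // The original condition only makes sense for string input.
    $old = is_string($raw) ? var_export(original_rejects($raw), true) : 'n/a';
    printf("%-8s original_rejects=%-6s parse_code=%s\n",
        json_encode($raw), $old, var_export(parse_code($raw), true));
}
```

In a page like profile_add.php the caller would treat a null result as the invalid case and continue with the returned integer rather than the raw `$_GET` value.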



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum