query_string test and strip.

Re: query_string test and strip.

PhilM wrote:[color=blue]
> Could someone give me the topics to look up on php.net, to be able to work
> out how to remove stuff added to a query_string?
>
> I wish to check $QUERY_STRING, and remove any user added extras.[/color]

use explode() where & is the divider, then remove the index from the array
that you don't want to keep and the implode the rest of the array back.


//Aho

Re: query_string test and strip.

[alt.* removed from Followup-To header!]
PhilM wrote:[color=blue]
> Could someone give me the topics to look up on php.net, to be able to work
> out how to remove stuff added to a query_string?[/color]

The query string parameters are automagically transferred to the super
global array $_GET


For example, the client asks for "http://server/page.php?id=13& page=8"
and the page.php script can use the $_GET array like this:

<?php
$id = 0;
if (isset($_GET['id'])) $id = int($_GET['id']);

$page = 0;
if (isset($_GET['page'])) $page = int($_GET['page']);

echo "You chose id=$id and page=$page. Thank you.";
?>


Other options include
String management:


Regular expressions:



--
USENET would be a better place if everybody read:

Re: query_string test and strip.


"J.O. Aho" <user@example.n et> wrote in message
news:2tq9ctF22i 48gU1@uni-berlin.de...[color=blue]
> PhilM wrote:[color=green]
> > Could someone give me the topics to look up on php.net, to be able to[/color][/color]
work[color=blue][color=green]
> > out how to remove stuff added to a query_string?
> >
> > I wish to check $QUERY_STRING, and remove any user added extras.[/color]
>
> use explode() where & is the divider, then remove the index from the array
> that you don't want to keep and the implode the rest of the array back.
>
>
> //Aho[/color]

so, if my url including $QUERY_STRING looks like

/www.webhost/index.php?galle ry&

$test=explode(' &',$QUERY_STRIN G);
$QS=$test[0];

and then use $QS to determine, thru a switch statement, which content to
serve, would that be enough to prevent malicious/accidental fiddling?

Or would I be better comparing $QUERY_STRING for known permissible values,
and then setting and using $QS with the value detected?

(it's late 4:10 am... sorry if this is a daft Q)

Re: query_string test and strip.

PhilM wrote:[color=blue]
> "J.O. Aho" <user@example.n et> wrote in message
> news:2tq9ctF22i 48gU1@uni-berlin.de...
>[color=green]
>>PhilM wrote:
>>[color=darkred]
>>>Could someone give me the topics to look up on php.net, to be able to[/color][/color]
>
> work
>[color=green][color=darkred]
>>>out how to remove stuff added to a query_string?
>>>
>>>I wish to check $QUERY_STRING, and remove any user added extras.[/color]
>>
>>use explode() where & is the divider, then remove the index from the array
>>that you don't want to keep and the implode the rest of the array back.
>>
>>
>> //Aho[/color]
>
>
> so, if my url including $QUERY_STRING looks like
>
> /www.webhost/index.php?galle ry&
>
> $test=explode(' &',$QUERY_STRIN G);
> $QS=$test[0];
>
> and then use $QS to determine, thru a switch statement, which content to
> serve, would that be enough to prevent malicious/accidental fiddling?
>
> Or would I be better comparing $QUERY_STRING for known permissible values,
> and then setting and using $QS with the value detected?
>
> (it's late 4:10 am... sorry if this is a daft Q)
>
>[/color]

I guess picking out those statements that are allowed should be easiest, pick
them out from your $test and push them into $QS.


//Aho

Re: query_string test and strip.

Cheers for that

Regards, PhilM