how to make php security in the url with the get method
for example as
media.php?hal=detail&id=1
bro_1 0 Newbie Poster
veedeoo 474 Junior Poster Featured Poster
validate, sanitize, check for the referrer.
broj1 356 Humble servant Featured Poster
See OWASP Top Ten especially the A1 - Injection. Probably all the web developer needs to know about the security. It is a lot of stuff to read and you do not have to digest it all at once. But make sure you bookmark it.
elitefilming 0 Newbie Poster
Hi guys,Thanks for your informative post.I bookmarked this link.Actually I am beginning learner of web developer so it's really more useful to us.Thanks once again.
broj1 356 Humble servant Featured Poster
Welcome to php and hopefully you will get plenty of joy in programming. If this question is answered please mark the thread as solved.
bro_1 0 Newbie Poster
you can gives me an example
veedeoo 474 Junior Poster Featured Poster
This is a pretty simple ethical hacking for testing purposes only. This may work or may not work.. just bringing the points accross.
for example if you don't sanitize and validate this
media.php?hal=detail&id=1
and if I visited your site and I want to see all of your media. I would put this on my browser
media.php?hal=detail&id=10000000
Hoping that you did not turn off your error reporting. I would probably get an error saying
media_id is not valid or not found.
now, I know one of the column of your database. With this given info. thanks to your server, I can change the url above to
media.php?hal=detail&id=''ORmedia_id REGEXP '^[0-9]'
if we use that on our query, it will spit out all of the media with media_id matching anything from 0 to 9 ..
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.