Php helps you to quickly build big applications and many times, its easy to neglect the security matter. Its easy to believe that security breaches could not happen to your software. But what if it does happen? For this reason, security in your applications should be kept in consideration from the beginning.
Some people will be surprised to find out that you can check the number of POST or GET or even COOKIE variables. It's actually quite simple. So simple, it is commonly overlooked. By utilizing the count() function, you can see the number of elements in each array. If you did not send any GET variable, the array would be empty.
<? $limit = count($_GET); echo $list; ?>
// the echo is 0
If you are not expecting any GET variables and you have one in $HTTP_GET_VARS array, you can trap it accordingly. For example:
$limit = count($_GET); if ($limit>0){ echo (" Hacking Attempt "); exit; } // or redirect the suspect to an error page
$limit = count($_GET); if ($limit>0){ header(" Location:./error.php "); exit; }
You know how many variables your application is expecting in most conditions. If there are less that means that some problem may have occurred. But there is rarely a time that you would receive more than expected.
// if you send a form with 5 fields using POST you can check this
