PHP
  Home arrow PHP arrow Page 4 - Reconsidering PHP variables
Administration  
AJAX  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Sun Developer Network 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Mobile Linux 
App Generation ROI 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
PHP

Reconsidering PHP variables
By: Iulian Turnea
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 3 stars3 stars3 stars3 stars3 stars / 44
    2005-01-10

    Table of Contents:
  • Reconsidering PHP variables
  • Counting your cookies?
  • Checking variable types
  • A Method to your madness
  • Its the size that matters
  • Pssst... Whats the password?
  • And in Conclusion...
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
    ADVERTISEMENT

    Reconsidering PHP variables - A Method to your madness
    (Page 4 of 7 )

    Checking the method that was used to invoke your script is also a good security practice.  This will help to harden your applications against unwanted breaches.  If you are expecting to use POST methods for your application, then don't allow your script to be invoked with a GET method.  For example:

    If ($_SERVER['REQUEST_METHOD'] == 'POST') {
    //your code goes here
    }
    else{
    echo (" Hacking Attempt ");
    exit;
    }

    Another thing you can do, is to check where the script is being invoked from.  The server variable $HTTP_SERVER_VARS[HTTP_REFERRER'] contains the previous web page location.  This can be very helpful blocking security problems, if you know your target audience.  But, that being said, there are a couple of caveats.  A hacker experienced in security intrusions may be able to spoof this to make it SEEM as if they came from the proper location.  Also, personal firewalls such as Norton Personal Firewall or Zone Alarm block the referrer value by default. In that case, the client browsers don't return any value for $HTTP_SERVER_VARS[HTTP_REFERRER'].  So while this is a can be a great tool to secure your scripts, it can also be virtually useless.

    Next: Its the size that matters >>
     

    More PHP Articles
    More By Iulian Turnea


       · A poor article that promotes invalid HTML and uses a ludicrous substr() method to...
       · After reviewing the content of the article, we made some changes and corrections to...
       · Isn't stuff like HTTP_GET_VARS very old?
       · Its old, but it works. I think the article is pretty good, since it shows some...
       · If you use is_numeric() in place of is_integer(), then you can enclose the value of...
       · When you are using values in an HTML form, you should always quote the attribute...
       · I may be mistaken (not!) but in page 5 it reads:header(" You can send up to 3000...
       · $limit=count($_GET);echo $list;should be:echo $limit;There is no PHP...
       · oh how friendly...I am logged in, but am named 'Anonymous...
       · Terrible article.
       · First, you may be logged in, but you need to create a blog account in order to not...
       · I want a a complete and comprehensive guide on hardening your scripts to be...
       · I'm going to have to side with Rich. When judging an article, you should consider...
       · Excellent choice of books!
       · always thought devshed has some kind of a guywho at least screens the articles...
       · 
     
    >>> Post your comment now!

       

    PHP ARTICLES

    - Working With Different Namespaces in PHP 5
    - User Management Explained: Overview
    - Using Namespaces in PHP 5
    - Database Security: Guarding Against SQL Inje...
    - Building a Modular Exception Class in PHP 5
    - Database and Password Security for Web Appli...
    - Handling MySQL Data Set Failures in PHP 5
    - Building Site Registration for Web Applicati...
    - Intercepting Customized Exceptions in PHP 5
    - Securing Your Web Application Against Attacks
    - Sub Classing Exceptions in PHP 5
    - Authentication for Web Application Security
    - Building a Content Management System with Co...
    - Filters and Login Systems for Web Applicatio...
    - Working with the Email Class in Code Igniter
    Find More PHP Articles




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 6 hosted by Hostway
    Stay green...Green IT