Home arrow PHP arrow Page 5 - Reconsidering PHP variables

Its the size that matters - PHP

Php helps you to quickly build big applications and many times, its easy to neglect the security matter. Its easy to believe that security breaches could not happen to your software. But what if it does happen? For this reason, security in your applications should be kept in consideration from the beginning.

TABLE OF CONTENTS:
  1. Reconsidering PHP variables
  2. Counting your cookies?
  3. Checking variable types
  4. A Method to your madness
  5. Its the size that matters
  6. Pssst... Whats the password?
  7. And in Conclusion...
By: Iulian Turnea
Rating: starstarstarstarstar / 45
January 10, 2005

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Lets come back to the variables themselves.  In addition to checking the type of variable, we can also check the size or length as well.  One of the largest exploited issues among all types of software are 'buffer overflow' problems.  This is when more data is passed than the variables expect, and the data starts filling in other memory and variable locations.  If you check the length and size of your data, then you can harden yourself to this kind of exploit.  For example:

<a href = index.php?action=1> Page1 </a>

Use this code to check if the variable content has more than one character.

$length = strlen($_GET['action'] );
if($length>1){
header(" Location:./error.php ");
exit;
}

or

$length = strlen($_GET['action'] );
if($length!=1){
header(" Location:./error.php ");
exit;
}

In the same way you can check text. You can allow as many characters as you wish, and reject the rest.  For example:

$length = strlen($_GET['text1'] );
if($length>3000){
header(" You can send up to 3000 characters ");
exit;
}

Notice that there are 3000 characters allowed including white spaces.



 
 
>>> More PHP Articles          >>> More By Iulian Turnea
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

PHP ARTICLES

- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: