PHP
  Home arrow PHP arrow Page 5 - Reconsidering PHP variables
Administration  
AJAX  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Sun Developer Network 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Mobile Linux 
App Generation ROI 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
PHP

Reconsidering PHP variables
By: Iulian Turnea
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 3 stars3 stars3 stars3 stars3 stars / 44
    2005-01-10

    Table of Contents:
  • Reconsidering PHP variables
  • Counting your cookies?
  • Checking variable types
  • A Method to your madness
  • Its the size that matters
  • Pssst... Whats the password?
  • And in Conclusion...
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
    ADVERTISEMENT

    Reconsidering PHP variables - Its the size that matters
    (Page 5 of 7 )

    Lets come back to the variables themselves.  In addition to checking the type of variable, we can also check the size or length as well.  One of the largest exploited issues among all types of software are 'buffer overflow' problems.  This is when more data is passed than the variables expect, and the data starts filling in other memory and variable locations.  If you check the length and size of your data, then you can harden yourself to this kind of exploit.  For example:

    <a href = index.php?action=1> Page1 </a>

    Use this code to check if the variable content has more than one character.

    $length = strlen($_GET['action'] );
    if($length>1){
    header(" Location:./error.php ");
    exit;
    }

    or

    $length = strlen($_GET['action'] );
    if($length!=1){
    header(" Location:./error.php ");
    exit;
    }

    In the same way you can check text. You can allow as many characters as you wish, and reject the rest.  For example:

    $length = strlen($_GET['text1'] );
    if($length>3000){
    header(" You can send up to 3000 characters ");
    exit;
    }

    Notice that there are 3000 characters allowed including white spaces.

    Next: Pssst... Whats the password? >>
     

    More PHP Articles
    More By Iulian Turnea


       · A poor article that promotes invalid HTML and uses a ludicrous substr() method to...
       · After reviewing the content of the article, we made some changes and corrections to...
       · Isn't stuff like HTTP_GET_VARS very old?
       · Its old, but it works. I think the article is pretty good, since it shows some...
       · If you use is_numeric() in place of is_integer(), then you can enclose the value of...
       · When you are using values in an HTML form, you should always quote the attribute...
       · I may be mistaken (not!) but in page 5 it reads:header(" You can send up to 3000...
       · $limit=count($_GET);echo $list;should be:echo $limit;There is no PHP...
       · oh how friendly...I am logged in, but am named 'Anonymous...
       · Terrible article.
       · First, you may be logged in, but you need to create a blog account in order to not...
       · I want a a complete and comprehensive guide on hardening your scripts to be...
       · I'm going to have to side with Rich. When judging an article, you should consider...
       · Excellent choice of books!
       · always thought devshed has some kind of a guywho at least screens the articles...
       · 
     
    >>> Post your comment now!

       

    PHP ARTICLES

    - Working With Different Namespaces in PHP 5
    - User Management Explained: Overview
    - Using Namespaces in PHP 5
    - Database Security: Guarding Against SQL Inje...
    - Building a Modular Exception Class in PHP 5
    - Database and Password Security for Web Appli...
    - Handling MySQL Data Set Failures in PHP 5
    - Building Site Registration for Web Applicati...
    - Intercepting Customized Exceptions in PHP 5
    - Securing Your Web Application Against Attacks
    - Sub Classing Exceptions in PHP 5
    - Authentication for Web Application Security
    - Building a Content Management System with Co...
    - Filters and Login Systems for Web Applicatio...
    - Working with the Email Class in Code Igniter
    Find More PHP Articles




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 4 hosted by Hostway
    Stay green...Green IT