Article: Ten Security Checks for PHP, Part 2
Subject: Avoid Loose Typing Intricacies - fix
Date: 2003-04-07 23:32:18
From: ljweb
Rather than the
if ($user_id < 0 || $user_id > 2 || !isset($user_id)) {
line, I would advise the use of
if (is_int($user_id) && isset($users[$user_id])) {
The reason is that however small or large a user table may be, there will always be someone dropping out from time to time, leaving empty slots in the list. Checking for greater-than/less-than is then not optimal and will produce yet another security flaw, as the subject of this very article states. Using "login names" rather than a number would remove this problem at the same time.
I know the code produced is not intended for a production site (or so I hope), but the examples provided should rate as code worth copying and following.
/ Lars
www.ljweb.com
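The following is an added example, not code from the article or from Lars's comment. It puts the article's range check next to the isset()-based lookup from the comment and runs both over a constructed user table that has a hole where user 1 was removed. The names $users, valid_by_range(), valid_by_lookup(), parse_user_id() and valid_request() are assumptions made for the illustration. It also adds one step the comment does not mention: request parameters arrive as strings, so is_int() on raw input always fails, and the id has to be validated and converted (here with filter_var() and FILTER_VALIDATE_INT) before the lookup.

```php
<?php
// Added example (not from the article or the comment).
// Assumption: user records are keyed by integer id in a plain PHP array.

// Constructed user table: id 1 has been deleted, leaving a gap between 0 and 2.
$users = [
    0 => 'root',
    2 => 'bob',
];

// The article's range check: looks at the bounds only, not at whether the
// slot is actually occupied, and relies on loose comparison of $user_id.
function valid_by_range($user_id): bool
{
    return isset($user_id) && !($user_id < 0 || $user_id > 2);
}

// The comment's check: the id must be a PHP integer and the slot must exist.
function valid_by_lookup($user_id, array $users): bool
{
    return is_int($user_id) && isset($users[$user_id]);
}

// Query-string and form values are always strings, so is_int() rejects even a
// well-formed "2". FILTER_VALIDATE_INT accepts only a plain decimal integer
// (no "1.5", no "2abc", no empty string); min_range keeps negatives out.
function parse_user_id($raw): ?int
{
    if (!is_string($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $id === false ? null : $id;
}

// Validate the raw request value, then do the lookup the comment suggests.
function valid_request($raw, array $users): bool
{
    $id = parse_user_id($raw);
    return $id !== null && valid_by_lookup($id, $users);
}

// Constructed inputs, as a query string would deliver them, plus one
// non-string value that loose comparison lets through the range check.
$samples = [
    '2',     // existing user: every check should accept this
    '1',     // inside the range, but the slot is empty (user removed)
    '1.5',   // numeric string: passes the bounds, can never match an int key
    true,    // bool: true < 0 and true > 2 are both false, so the range check
             // passes and $users[true] would silently read key 1
    '2abc',  // PHP 7 compares this as 2, PHP 8 compares it as a string;
    '',      // likewise 0 in PHP 7 versus a string in PHP 8, so the range
    'abc',   // check's verdict on these three depends on the PHP version
];

foreach ($samples as $raw) {
    printf("%-8s range=%-5s lookup(raw)=%-5s lookup(parsed)=%s\n",
        var_export($raw, true),
        var_export(valid_by_range($raw), true),
        var_export(valid_by_lookup($raw, $users), true),
        var_export(valid_request($raw, $users), true));
}
```

Run it under the PHP version you deploy on: the range check accepts "1" (the gap), "1.5" and true on every version, and its answer for "2abc", "" and "abc" changes between PHP 7 and PHP 8 because PHP 8 changed how non-numeric strings compare with integers. The lookup(raw) column shows the comment's check rejecting every string, including the valid "2", which is why the conversion step in parse_user_id() is needed before is_int() and isset() give the intended result in the last column.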
Replies (1 to 1 of 1):
Avoid Loose Typing Intricacies - fix, 2003-04-08 00:58:01, clancymalcolm