[FX.php List] This is doing my head in...

Gjermund Gusland Thorsen ggt667 at gmail.com
Mon Nov 26 14:11:24 MST 2007


I read from what he writes that he uses the same script (that uses
_REQUEST) with two forms pointing to that script; one using POST and
the other using GET as method.

ggt667

On Nov 26, 2007 7:58 PM, Joel Shapiro <jsfmp at earthlink.net> wrote:
> Hi Steve
>
> A few random thoughts... maybe something will trigger something for
> you...
>
> - You say "the same piece of code at the top of the page gets called
> again" after doing your editing.  Is the code duplicated within that
> same page or are you calling a different page?  Are you using the
> same $_REQUEST['action'] for both parts / all three parts?  (Is there
> any change if you put $_REQUEST['action'] into a $variable at the top
> of the page and then reference that later instead of
> $_REQUEST['action']?)
>
> - Based on Dan's comment, I see you're using $messages[] instead of
> $message.  Do you really store multiple messages here (and later know
> which one to echo)?
>
> HTH,
> -Joel
>
>
>
> On Nov 26, 2007, at 9:03 AM, DC wrote:
>
> > do you have any checkboxes? sometimes those can be sent to PHP via
> > arrays if the HTML defines the id or name with square brackets. at
> > least that's what your error says - string expected, but array gotten.
> >
> > GL,
> > dan
> >
> > Steve Winter had written:
> >> A typically cryptic, completely off the point, ggt post ;-)
> >>
> >> As I understand it, the theory of it is that it means that pages which
> >> require data to be posted, and are therefore capable of making changes to a
> >> database are more easily able to be 'hacked' if they use _REQUEST, since it
> >> means that someone could look at the source of your html page, determine
> >> variables about your database, then use a get command to 'attack' your
> >> database, or some such thing of that kind...
> >>
> >> In the case of that code, it's totally irrelevant, as the user has to have
> >> already logged in to get anywhere that code, they will never be able to
> >> determine its name from the web, since it's a page which is included by a
> >> page which in turn was included previously, based on a series of 'upstream
> >> decisions'...
> >>
> >> And for the record, the problem still persists, so if anyone can see any
> >> reason why code that will behave correctly when accessed once round all of a
> >> sudden 'flips out' when it's used a short time later...
> >>
> >> Thanks
> >> Steve
> >>
> >> -----Original Message-----
> >> From: fx.php_list-bounces at mail.iviking.org
> >> [mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Dale Bengston
> >> Sent: Sunday, 25 November 2007 5:12 p.m.
> >> To: FX.php Discussion List
> >> Subject: Re: [FX.php List] This is doing my head in...
> >>
> >> Why not?
> >>
> >> Dale
> >>
> >> On Nov 25, 2007, at 3:21 AM, Gjermund Gusland Thorsen wrote:
> >>> Never use _REQUEST, use _POST or _GET
> >> _______________________________________________
> >> FX.php_List mailing list
> >> FX.php_List at mail.iviking.org
> >> http://www.iviking.org/mailman/listinfo/fx.php_list
>
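The two points raised in this thread, an `action` value read from `$_REQUEST` and a parameter arriving as an array where a string is expected, can both be handled where the input is read. The following is an added example, not code from the thread or from FX.php; the function names and the action names are hypothetical.

```php
<?php
// Added example (constructed): hypothetical helper names, not FX.php code.

/**
 * Return a request parameter from one explicit source only, and only if it
 * is a plain string. Returns null for a missing or array-valued parameter.
 */
function param_string(array $source, string $name): ?string
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return null; // missing, or sent as name[]=... and parsed into an array
    }
    return trim($source[$name]);
}

/**
 * Decide which action to run. State-changing actions are accepted only from
 * a POST body; read-only actions may come from the query string.
 */
function resolve_action(string $method, array $get, array $post): string
{
    $writes = ['edit', 'delete'];   // constructed action names
    $reads  = ['view', 'list'];

    if ($method === 'POST') {
        $action = param_string($post, 'action');
        if ($action !== null && in_array($action, $writes, true)) {
            return $action;
        }
    }
    $action = param_string($get, 'action');
    if ($action !== null && in_array($action, $reads, true)) {
        return $action;
    }
    return 'view'; // fall back to a read-only action
}

// Constructed inputs standing in for $_SERVER['REQUEST_METHOD'], $_GET, $_POST.
var_dump(resolve_action('GET',  ['action' => 'delete'], []));           // write action in query string
var_dump(resolve_action('POST', [], ['action' => 'edit']));             // write action in POST body
var_dump(resolve_action('POST', [], ['action' => ['edit', 'delete']])); // action sent as action[]
var_dump(resolve_action('GET',  ['action' => 'list'], []));             // read action in query string
```

In a page, the call would be `resolve_action($_SERVER['REQUEST_METHOD'], $_GET, $_POST)`.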

