Effervescent

This is just my temporary blog till I create my own on my site, one that actually counts statistics (posts, profile views, etc) correctly.

Location: Colombo, Sri Lanka

There's way too much to type.

2004-12-19

Never trust user input data (for PHP developers)

Ugh! If your users ever enter any data via POST or GET, DO NOT ever trust it and ALWAYS validate it.

I just spent a few hours trying to figure out a problem where the root cause was user interference with input data.
He went directly into the database and manually edited some form data that had been inserted via POST.
The data was actually customer e-mail addresses, so when I used the mail function to send e-mails (to some users whose e-mail address was now blank, thanks to the customer's edits in the database), I got an Internal Server Error (500).
What made it worse was that they were using a CGI install of PHP and wouldn't let me look at their server logs.
I now validate all variables that carry data into any function... ugh!
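The lesson above, as an added example that is not the blog author's code: every address is validated once more right before it reaches mail(), whether it arrived in $_POST or was read back from the database, and unusable rows are skipped and reported instead of taking the whole script down. The function names, the sample rows and the stand-in mailer are assumptions made for the example; filter_var() with FILTER_VALIDATE_EMAIL is standard PHP (5.2 and later, so newer than this post).

```php
<?php
// Added example, not from the original post: validate e-mail addresses at the
// point of use, even when they come from your own database.
declare(strict_types=1);

/**
 * Return a trimmed, validated e-mail address, or null if the value is unusable.
 * No type hint on $value on purpose: database rows and $_POST can hand you
 * strings, NULL, or other types, and all of them must be handled.
 */
function valid_email($value): ?string
{
    if (!is_string($value)) {
        return null;                   // NULL column, array, int, ...
    }
    $value = trim($value);
    if ($value === '') {
        return null;                   // the blank addresses that caused the 500
    }
    // Rejects malformed addresses, including any containing a line break,
    // which is never valid in an address and would corrupt the mail headers.
    $clean = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $clean === false ? null : $clean;
}

/**
 * Send one message per valid recipient. Returns the ids of the rows that were
 * skipped so the caller can log them rather than dying on a bad address.
 * $mailer defaults to PHP's own mail(); a substitute can be passed for testing.
 */
function send_to_customers(array $rows, string $subject, string $body, ?callable $mailer = null): array
{
    $mailer = $mailer ?? 'mail';
    $skipped = [];
    foreach ($rows as $row) {
        $to = valid_email($row['email'] ?? null);
        if ($to === null) {
            $skipped[] = $row['id'] ?? '(no id)';
            continue;
        }
        $mailer($to, $subject, $body, "From: noreply@example.com\r\n");
    }
    return $skipped;
}

// Constructed sample rows (not real customer data), as they might come back
// from the customer table after someone edited it by hand.
$rows = [
    ['id' => 1, 'email' => 'alice@example.com'],
    ['id' => 2, 'email' => ''],                         // blanked out in the DB
    ['id' => 3, 'email' => null],                       // NULL column
    ['id' => 4, 'email' => "bob@example.com\r\nX: y"],  // embedded line break
    ['id' => 5, 'email' => 'not an address'],
];

// Stand-in mailer so the example runs without a configured mail transport.
$sent = [];
$fakeMailer = function (string $to, string $subject, string $body, string $headers) use (&$sent): bool {
    $sent[] = $to;
    return true;
};

$skipped = send_to_customers($rows, 'Hello', 'Test body', $fakeMailer);
printf("sent to: %s\nskipped rows: %s\n", implode(', ', $sent), implode(', ', $skipped));
```

Drop the $fakeMailer argument to use the real mail() function. The point of the design is that valid_email() is the single place that decides whether a value may reach mail(), so it does not matter whether the value was typed into a form five seconds ago or sits in a column somebody edited by hand last week.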
