Programming Theory
 
#1  April 17th, 2005, 03:44 PM  jam wil (James Williams)
Is This Safe???

Hey guys.. I made an input validation method and I just wanted your guys' opinions on whether there are still loopholes or any ideas to make it safer / more efficient etc. Just basically a code critique, thank you.
php Code:
<?php
function _prep($data, $loc = NULL) {
    if (isset($data) && $data != "") {
        // SQL keywords to delete from the input as substrings, in this order
        $mysql_banlist = array("insert", "select", "update", "delete", "distinct", "having", "truncate", "replace", "handler", "like", "as", "or", "procedure", "limit", "order by", "group by", "asc", "desc", "null");
        if (get_magic_quotes_gpc()) {
            // magic quotes already backslashed quotes, so only lowercase, strip and encode
            $data = htmlentities(str_replace($mysql_banlist, '', strtolower(trim($data))));
            return $data;
        } else {
            // no magic quotes: backslash quotes with addslashes() as well
            $data = htmlentities(str_replace($mysql_banlist, '', addslashes(strtolower(trim($data)))));
            return $data;
        }
    } else {
        if (isset($loc)) {
            // empty input: redirect to $loc if a location was given
            header('location: ' . $loc);
            exit;
        } else {
            // empty input and no redirect target: run the same processing on the empty value
            $mysql_banlist = array("insert", "select", "update", "delete", "distinct", "having", "truncate", "replace", "handler", "like", "as", "or", "procedure", "limit", "order by", "group by", "asc", "desc", "null");
            if (get_magic_quotes_gpc()) {
                $data = htmlentities(str_replace($mysql_banlist, '', strtolower(trim($data))));
                return $data;
            } else {
                $data = htmlentities(str_replace($mysql_banlist, '', addslashes(strtolower(trim($data)))));
                return $data;
            }
        }
    }
}
?>

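The following is an added example, not code posted in this thread. It runs the keyword-stripping part of the _prep() function above over ordinary input to show what a deny-list of SQL words does to legitimate data, and then stores and renders the same values the way a reviewer would recommend instead: validate the shape of the value, bind it as a query parameter so the database never parses it as SQL, and encode for HTML only at output time. The function names prep_legacy, add_user, find_user and render_name, the users table and the sample values are all constructed for this example; it assumes PHP with the pdo_sqlite extension available.

```php
<?php
// Added example (not from the thread). Assumes PHP 5.1+ with pdo_sqlite.

// Core of the posted _prep(): the branch taken when magic_quotes_gpc is off.
function prep_legacy($data) {
    $mysql_banlist = array("insert", "select", "update", "delete", "distinct",
        "having", "truncate", "replace", "handler", "like", "as", "or",
        "procedure", "limit", "order by", "group by", "asc", "desc", "null");
    return htmlentities(str_replace($mysql_banlist, '', addslashes(strtolower(trim($data)))));
}

// Constructed sample input: real names and a password that happen to contain
// banned substrings or an apostrophe. None of these is an attack.
$samples = array("Mason", "Dorothy Handler", "Password1", "O'Brien");

echo "What the deny-list does to legitimate input:\n";
foreach ($samples as $s) {
    // e.g. "Mason" -> "mn": the substring "as" is deleted and the case is lost,
    // so the stored value can never be compared with what the user typed.
    printf("  %-16s -> %s\n", $s, prep_legacy($s));
}

// Hardened replacement. Validation describes what a valid value looks like
// (an allow-list on length and emptiness here) instead of listing bad words.
function add_user(PDO $db, $name) {
    $name = trim($name);
    if ($name === '' || strlen($name) > 64) {
        throw new InvalidArgumentException('name must be 1 to 64 bytes');
    }
    // The value travels as a bound parameter, never spliced into the SQL text.
    $stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute(array(':name' => $name));
    return (int) $db->lastInsertId();
}

function find_user(PDO $db, $name) {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute(array(':name' => $name));
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

function render_name($name) {
    // Encoding belongs at output, for the context being written to (HTML here).
    return htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

foreach ($samples as $s) {
    add_user($db, $s);
}

echo "With a prepared statement the value survives intact:\n";
foreach ($samples as $s) {
    $row = find_user($db, $s);
    printf("  stored %-16s rendered as %s\n", $row['name'], render_name($row['name']));
}
```

Run it with the PHP CLI. The first loop shows the sanitizer mangling names and passwords it was never meant to touch, which is the usual cost of substring deny-lists; the second shows that once the value is bound as a parameter there is nothing left for the deny-list to protect against, and the apostrophe in "O'Brien" is stored as typed and only becomes an entity when rendered.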
#2  April 17th, 2005, 06:35 PM  nawlej

The only way to be sure is to test it yourself and see if it satisfies your requirements.

#3  April 17th, 2005, 07:14 PM  jam wil (James Williams)

I mean it satisfies my requirements and does what I need it to do; however, I am not a hacker and I don't know very much about hacking web apps, so I was just wondering if anybody could find any loopholes or possible exploits in the code.

#4  April 17th, 2005, 08:06 PM  sliver (Moderator)

One thing I notice right away is you define $mysql_banlist twice with identical values. You should do this right after the function line, before you do the ifs.

#5  April 17th, 2005, 08:08 PM  System
Message Moved

Thread moved from 'PHP Coding' to 'Programming Theory' by andrew.

#6  April 17th, 2005, 11:12 PM  jam wil (James Williams)

ya, I was just about to do that... thanks guys!

#7  April 19th, 2005, 06:49 PM  Yian

Are you using register_globals off or on? As that can be a major security problem.

#8  April 29th, 2005, 01:12 AM  jam wil (James Williams)

OFF! Any idiot whose code requires register_globals to be on is just stupid... thanks guys

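As an added example (not code from anyone in this thread), here is a startup check that refuses to run when the two php.ini settings this thread depends on, register_globals and magic_quotes_gpc, are turned on, followed by the coding habit that makes register_globals irrelevant: initialise every variable yourself and read request data only through the superglobals. The helper names ini_flag_enabled and assert_safe_runtime and the session-based role check are constructed for this example. It assumes PHP 5.x; on PHP 5.4 and later both settings no longer exist, ini_get() returns false for them, and the check treats that as "off".

```php
<?php
// Added example (not from the thread). Assumes PHP 5.x; see lead-in.

function ini_flag_enabled($name) {
    $value = ini_get($name);
    // ini_get() returns false for an unknown setting and "" or "0" for Off.
    if ($value === false || $value === '' || $value === '0') {
        return false;
    }
    return strtolower($value) !== 'off';
}

function assert_safe_runtime() {
    $problems = array();
    if (ini_flag_enabled('register_globals')) {
        $problems[] = 'register_globals is On: request parameters become PHP variables';
    }
    if (ini_flag_enabled('magic_quotes_gpc')) {
        $problems[] = 'magic_quotes_gpc is On: input arrives pre-escaped and code must branch on it';
    }
    if ($problems) {
        // Fail closed rather than run in an environment the code was not written for.
        header('HTTP/1.1 500 Internal Server Error');
        die('Refusing to run: ' . implode('; ', $problems) . "\n");
    }
}

assert_safe_runtime();

// Pattern that is safe whichever way register_globals is set: the flag is
// assigned explicitly before use, so nothing from the request can preset it,
// and the decision comes from server-side session state, not from input.
$is_admin = false;
$role = isset($_SESSION['role']) ? (string) $_SESSION['role'] : 'guest';  // constructed stand-in
if ($role === 'admin') {
    $is_admin = true;
}

// Request data is read from the superglobal it belongs to, never from a bare
// variable name that register_globals would have filled in.
$page = isset($_GET['page']) ? (int) $_GET['page'] : 1;

echo ($is_admin ? 'admin view' : 'normal view') . ", page $page\n";
```

Put the assert_safe_runtime() call in a bootstrap file that every entry point includes, so a host that silently changes php.ini produces a loud failure instead of code that behaves differently from how it was tested.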
© 2003-2010 by Developer Shed. All rights reserved. DS Cluster 2 Hosted by Hostway