| Strange stuff in $_GET |
|
|
|
|
| Posted on 2011-07-03 05:33:54 PM |
|
One of my friends found a way to inject mistyped data into $_GET, which I was able to simplify to this.
Is there any way to get rid of that and limit $_GET (and $_POST/$_COOKIE) to strings only without using is_array on every single item in them?
|
|
| Posted on 2011-07-04 12:37:21 AM |
|
|
This is done on purpose so that you can get collections of data from check boxes and such. As far as I know, it cannot be disabled.
|
|
| Posted on 2011-07-26 07:28:20 AM |
|
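Alcaro, just use is_array() to check if a $_GET/$_POST/$_COOKIE variable is an array. You cannot turn off this behavior, but it's useful sometimes... such as during multi-uploads of HTML5. Or you can do something like this:
Code:
<?php
// Drop every array-valued entry from $_GET.
foreach ($_GET as $key => $value) {
    if (is_array($value)) {
        // unset() on a by-reference loop variable only removes the reference,
        // so unset the element itself by key.
        unset($_GET[$key]);
    }
}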
|
|
| Posted on 2011-07-26 10:30:55 AM |
|
|
The problem is that I've got many forms and $_GET parameters, and adding that code in each of my scripts would quickly drive me crazy. I want a way to get rid of them without editing all of my scripts.
|
|
| Posted on 2011-07-26 03:53:06 PM |
|
|
Hack and recompile PHP yourself then I guess? Outside of that there is not much else you can do. Maybe a global include I suppose? But that is about it as far as I know.
|
| Last edited on 2011-07-26 03:53:29 PM by p4plus2. |
|
| Posted on 2011-07-26 04:02:35 PM |
|
auto_prepend_file or something is probably the best method.
Sometimes PHP annoys me.
|
|
| Posted on 2011-07-30 06:17:23 AM |
|
This is an intentional feature. If you use the values as strings, they will be implicitly cast to a string of the value "Array". You can explicitly do this by prepending the variable name with (string).
I don't really see what the problem is.
|
|
| Posted on 2011-07-30 06:43:11 AM |
|
The problem is that this implicit type casting throws warnings.
Some of PHP's "features" make me think someone has been drunk.
|
|
| Posted on 2011-07-30 07:00:51 AM |
|
|
No it doesn't.
|
|
| Posted on 2011-07-30 03:58:02 PM |
|
Huh. It does for me. Maybe it changed in PHP 5.3?
Note to self: Find a way to get rid of 5.2 somehow.
|
|
| Posted on 2011-07-30 04:10:10 PM |
|
|
It shouldn't in PHP 5.2, either. How exactly are you using the variable?
|
|
| Posted on 2011-07-30 04:41:17 PM |
|
Code:
if ($_GET["chan"] != "serioushax")
{
    // irrelevant junk
}
Code:
echo "The channel is #", $_GET["chan"];
(The exact codes are slightly different since I don't have access to the real ones on this phone, but I am using very similar constructions.)
Are you doing it differently? If no, maybe show_errors is doing something weird.
|
|
| Posted on 2011-07-30 04:54:56 PM |
|
That really shouldn't cause any warnings. You should probably double check what the actual cause is.
The only thing I can think of is if you try to access single characters in strings using bracket notation ($var[0] or $var{0}), because they will be treated as array element keys for arrays. It's pretty easy to overcome this by simply using substr($var, 0, 1) instead.
Edit: You never told me what the exact error message is anyway.
|
| Last edited on 2011-07-30 04:56:16 PM by Kieran Menor. |
|
| Posted on 2011-07-31 04:50:06 PM |
|
|
After a discussion on the IRC, this problem is solved. strpos and htmlentities are whinier than the rest if they get oddly typed input. An explicit typecast isn't the perfect solution (I will need to modify some of my scripts), but it's good enough.
|
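The auto_prepend_file approach suggested in the thread, written out as an added example (not code from any of the posters): one file that filters the request superglobals before every script runs, so no individual script needs an is_array() check. The file name, the php.ini path and the `tags` allowlist are assumptions made for illustration.

```php
<?php
// strings_only.php: added example. Load it before every script with
//   auto_prepend_file = /path/to/strings_only.php   (php.ini; path is a placeholder)

// Hypothetical allowlist: parameters that are meant to be arrays
// (for example checkboxes named tags[]). Everything else must be a string.
$ARRAY_PARAMS = array('tags');

/**
 * Return $input with every unexpected non-string value removed.
 * PHP parses ?chan[]=x into array('x'), so a parameter a script treats
 * as a string can arrive as an array unless it is filtered out.
 */
function strings_only(array $input, array $arrayParams)
{
    $clean = array();
    foreach ($input as $key => $value) {
        if (is_string($value)) {
            $clean[$key] = $value;
        } elseif (is_array($value) && in_array($key, $arrayParams, true)) {
            // Allowed array: keep only its string elements (drops nested arrays).
            $clean[$key] = array_filter($value, 'is_string');
        }
        // Anything else is dropped, so isset() on it is false downstream.
    }
    return $clean;
}

$_GET     = strings_only($_GET, $ARRAY_PARAMS);
$_POST    = strings_only($_POST, $ARRAY_PARAMS);
$_COOKIE  = strings_only($_COOKIE, $ARRAY_PARAMS);
$_REQUEST = strings_only($_REQUEST, $ARRAY_PARAMS); // built separately from GET/POST/COOKIE

// Self-check on constructed input, only when this file is run directly from the CLI.
if (PHP_SAPI === 'cli' && isset($_SERVER['argv'][0])
    && realpath($_SERVER['argv'][0]) === __FILE__) {
    parse_str('chan[]=serioushax&page=2&tags[]=a&tags[][x]=b', $sample);
    var_dump(strings_only($sample, $ARRAY_PARAMS));
}
```

Scripts that legitimately receive arrays (checkbox groups, multi-file forms) need their parameter names added to the allowlist, otherwise those values disappear.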
|
|