Friday, January 5, 2007

Tar up, it's a code trip!

Yup.

Browser-Compatibility:
When developing web-based applications, as we do at ProjectSkyLine, we MUST check our software on different browsers and operating systems. We recently got hold of Multi-IE,
a super useful tool that provides working copies of IE 3.0 through 6.0. Even though the browsers identify themselves as your most current IE installation, they do render web pages the way their own version does. Kudos to the coders at Tredosoft for putting this together.

--; SELECT * FROM ...:
For database-driven sites with PHP & MySQL there are a lot of ways to handle state data. For simple sites it's easy to pass a variable such as 'act' with a page value when navigating the site,
such as index.php?act=1 (goes to page 1).

Now, if you're taking this data and using it in an SQL query such as:
'SELECT * FROM content_table WHERE act = ' . $_POST['act'];

...AND you didn't validate that input, then you've got a serious problem.
This is called SQL injection, in its simplest form.

A visitor could easily alter the data passed in the URL: index.php?act=ph33rMyHaxorSkillz
If you're lucky this only causes your code to halt execution after the failed query, leaving the visitor with a plain white page. You don't want this.

A quick fix for this is to validate the input of $_POST['act'] against an array of allowed values. For small sites with a limited number of pages, this is the recommended approach.

Our sample site has 2 pages:

<?php
/* constants for the two pages of the sample site */
define('constHomePage', 1);
define('constContactPage', 2);

/* returns valid pages for our site, keyed by page value */
function sitePages( )
{
    return array ( constHomePage    => constHomePage,
                   constContactPage => constContactPage
                 );
}

/* fetch the value of act from POST data (empty string if it was not sent) */
$actVal = isset($_POST['act']) ? $_POST['act'] : '';

/* load the array of valid pages */
$vActSet = sitePages( );

if ( !isset($vActSet[$actVal]) )
{
    /* actVal does not map to a key in this array:
       push the user to the home page */
    $actVal = constHomePage;
}

This code sets $actVal to the value of constHomePage whenever anything other than 1 or 2 is passed via the URL, so the value that reaches your query is always one of the two whitelisted page numbers. There is no way for a malicious user to circumvent this code by way of 'act'.
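As an added example (not ProjectSkyLine's own code), here is the same whitelist put to work in front of the query, side by side with the concatenated query from above, plus a prepared-statement version as a second layer. It assumes PHP with the pdo_sqlite extension and builds its own in-memory table, so it runs offline from the command line; the raw values are handed to the functions directly instead of being read from $_POST, and the function names (validAct, vulnerableQuery, whitelistedQuery, preparedQuery) are this example's, not the site's.

```php
<?php
// Added example, not ProjectSkyLine code. Assumes PHP >= 7 with pdo_sqlite.
declare(strict_types=1);

define('constHomePage', 1);
define('constContactPage', 2);

/* valid pages for the site, keyed by page value (same shape as the post) */
function sitePages(): array
{
    return [constHomePage => constHomePage, constContactPage => constContactPage];
}

/* Whitelist: anything that is not a key of sitePages() becomes the home page.
   $_POST values are strings, but act[]=1 arrives as an array, and an array is
   not a legal array offset, so guard the type before the isset() lookup. */
function validAct($raw): int
{
    if (!is_string($raw) && !is_int($raw)) {
        return constHomePage;
    }
    $pages = sitePages();
    // '1' is cast to the integer key 1; 'ph33rMyHaxorSkillz' or '1.5' is not a key
    return isset($pages[$raw]) ? $pages[$raw] : constHomePage;
}

/* The pattern from the post: untrusted text spliced straight into the SQL. */
function vulnerableQuery(PDO $db, string $act): array
{
    $sql = 'SELECT * FROM content_table WHERE act = ' . $act;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/* Hardened 1: whitelist first, so the text joined into the SQL is always 1 or 2. */
function whitelistedQuery(PDO $db, $raw): array
{
    $act = validAct($raw);
    $sql = 'SELECT * FROM content_table WHERE act = ' . $act;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/* Hardened 2: whitelist plus a prepared statement, so the value is bound as
   data and never parsed as SQL even if the whitelist is loosened later. */
function preparedQuery(PDO $db, $raw): array
{
    $stmt = $db->prepare('SELECT * FROM content_table WHERE act = :act');
    $stmt->bindValue(':act', validAct($raw), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed table standing in for the site's content_table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE content_table (act INTEGER, title TEXT)');
$db->exec("INSERT INTO content_table VALUES (1, 'Home'), (2, 'Contact')");

// Constructed inputs of the kind a visitor can put in the URL.
$inputs = ['1', '2', 'ph33rMyHaxorSkillz', '', '1.5', ['1']];
foreach ($inputs as $in) {
    $shown = is_array($in) ? 'array' : "'$in'";
    $row = preparedQuery($db, $in)[0];
    $sameAsWhitelisted = whitelistedQuery($db, $in)[0]['act'] === $row['act'];
    echo "act=$shown -> page {$row['act']} ({$row['title']})"
       . ($sameAsWhitelisted ? '' : ' MISMATCH') . "\n";
}

// The failure mode the post describes: the raw query dies on junk input.
try {
    vulnerableQuery($db, 'ph33rMyHaxorSkillz');
} catch (PDOException $e) {
    echo 'vulnerableQuery failed on junk input: ' . $e->getMessage() . "\n";
}
```

Run it with `php whitelist.php`: every junk input lands on page 1, '2' lands on page 2, and only the concatenated query raises an exception. The is_string/is_int guard matters because isset() on an array offset that is itself an array is a TypeError on PHP 8 rather than a quiet "not set".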

We will go into much more detail in upcoming entries and also provide a wrapper function for fetching values from $_POST, plus some other tasty code-bits.

- psl
