html - Stop PHP from running if a GET variable doesn't exist -

-

On my page, the user has a data to show which data is displayed. I used it only by using a dropdown list and got the parameter. It currently looks like this:

Form: 

  & lt; Form method = "get" action = "content.php" & gt; & Lt; Choose name = "tutorial block" & gt; & Lt; Option value = "tuts1" & gt; Block One - Getting Started & lt; / Options & gt; & Lt; Option value = "tuts2" & gt; Block two & lt; / Options & gt; & Lt; Option value = "tuts3" & gt; Block three & lt; / Options & gt; & Lt; / Select & gt; & Lt; Input type = "submit" & gt; & Lt; / Form & gt;

Script to load the data based on the user-selected option: 

  & lt ;? Php $ var_value = $ _GET ['tutorial block']; Include '/includes/'.$var_value.'php'; ? & Gt;

This works fine, and the PHP includes the correct file based on the user's choice, the issue is, if the user has not opted for an option, then only PHP The file does not paste errors, because it is looking for a file that is not there. Is there a way to prevent PHP scripts from running if the GET parameter is not set?

What you are doing now is the reason for some serious weaknesses. You can never trust user input

You should run your $ _ GET ['Tutorial Block'] against the whitelist here is an example for you. 

  $ whitelist = array ('page', 'blockpage', // etc); If (ift ($ _GET ['tutorial block']) & amp; empty ($ _GET ['tutorial block']) {// now make sure it's in the whitelist if (! In_array ($ _GET ['tutorialblock'] , $ Whitelist); (die ('bad page');} Other (include / '/includes/' .$_GET) 'tutorialball'ass.' .php ';}} and {// page of user page Did not select ... do something here ..}

The above is just a pseudo-code (example), yet user input is required. / Em>


Comments

Post a Comment

Popular posts from this blog

java - org.apache.http.ProtocolException: Target host is not specified -

-
I have written a simple httprequest / response code and I am getting this error below: I used to type in my classpath httpclient, httpcore, common -Codecs and general logging. I am very new to Java and I do not know what's going on here. Please help me. code: import org.apache.http.client.HttpClient; Import org.apache.http.client.methods.HttpGet; Import org.apache.http.HttpResponse; Import org.apache.http.impl.client.HttpClientBuilder; Import org.apache.http.Header; Import org.apache.http.HttpHeaders; Public class UnshorteningUrl {public static zero main (string [] args throws exception {HttpGet request = zero; HTTP Client Client = HTTP ClientBuilder.credit (). Build (); Try {Request = New HTTP Gate ("trib.me/1lBFzSi"); HttpResponse httpResponse = client.execute (request); Header [] header = httpResponse.getHeaders (HttpHeaders.LOCATION); // Preconditions.checkState (headers.length == 1); String new url = header [0] .getValue (); System.out.println ("new url...
Read more

java - Gradle dependencies: compile project by relative path -

-
Is it possible to specify a dependency on another gradeal project in the granular (in android studios) outside the current project limits? For example, with a relative path like this: dependence {collection project ('../../ stdlib / dagger'}} MyApp (path / user / foo / workspace / mypad) The app (Path / User / Foo / Workspace / MyPass / App) And I have an Android Library Project with 3 subdomules: stdlib (path is / user / foo / Utilities (Path / User / Foo / Workspace / Stadlib / Utilis) http (Path / User / Foo / Workspace / Stadlib / HT) / Li> What I have to do is compile the Dagger, Util, http module in the MyApp project. The Stidelib Library module under heavy development And MyApp will grow in the form of Growth, so I do not want to push them into a Mewen repository. I am a little change. is likely to add another Gredle projects in some way? I will push the study library into the Maven repository after the source is in search of a temp...
Read more

ruby on rails - Object doesn't support #inspect when used with .include -

-
So I have participated in a glitch error that I do not even know how to debug. I am very new to the railing, so it has kicked my ass well when I use the .includes (school) seen by the student, it gives a blue box error, But when I look at any other model and .includes (school) , the school works just fine. class student & lt; ActiveRecord :: Base has has_many: relationships, foreign_key: "liker_id", dependent :: has_many: matches, foreign_key: "student_1_id", dependent :: deleted belong_to: school belong_to: conference belong_to: would_you_rather belong_to: home city belong_to: year is_to: Major and class school & lt; on the console activatecord :: Affiliate for the base: conference includes: respondent, class: "school", foreign_key: "rival_id" (e.g. For: School) Select SQL generated Select "School". * "School" from "school" "ID" IN (1) error message back NoMethodError: u...
Read more