coderex - 1 month ago
PHP Question

What are the vulnerabilities in direct use of GET and POST?

I want to know what the vulnerabilities are when using the GET and POST variables directly,
i.e. without trimming, the addslashes function, mysql escape string, or something like that.

My question is:

What more do we need to take care of while playing with GET and POST?

What kind of attacks are there like SQL injection?

Answer

In general, and not limited to GET and POST but also to any data that comes from outside the system (including cookies in the case of web applications):

Almost all vulnerabilities come down to "The user can run whatever code they like in the context you pass their input to".

  • If you pass it to an SQL database, they can run any SQL they like.
  • If you pass it to an HTML document, they can add any markup they like (including JavaScript).
  • If you pass it to the system shell, they can run any system command they like.
  • If you open a file with the name they pick, they can open any file they like.
  • etc.

You need to think about what you are doing with the data. Looking for a list of possible things that can go wrong when accepting tainted input into any system in the world isn't going to produce an exhaustive list.

And as an aside: forget addslashes (it isn't effective), forget mysql_real_escape (it's too easy to make a mistake with it). Use parameterized queries: http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php
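
The four contexts listed in the answer, each with the handling that fits that context, as an added example that is not part of the original answer. It assumes the pdo_sqlite extension is available; the `users` table, the `resolveInside` helper, the log path and the `$input` values are constructed for illustration.

```php
<?php
// Constructed values standing in for $_GET / $_POST / $_COOKIE data.
$input = [
    'name'    => "x' OR '1'='1",
    'comment' => '<script>alert(1)</script>',
    'file'    => '../../etc/passwd',
];

// SQL context: a parameterized query. The value is bound as data and never
// becomes part of the SQL text, so the quote characters have no effect.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");
$stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
$stmt->execute([':name' => $input['name']]);
echo 'rows matched: ', count($stmt->fetchAll(PDO::FETCH_ASSOC)), PHP_EOL;

// HTML context: encode at output time so the markup is displayed, not parsed.
$safe = htmlspecialchars($input['comment'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo '<p>', $safe, '</p>', PHP_EOL;

// Shell context: quote the value as exactly one argument. The command is only
// built and printed here, not executed; the log path is hypothetical.
$cmd = 'grep -c -- ' . escapeshellarg($input['name']) . ' /var/log/app.log';
echo $cmd, PHP_EOL;

// File context: resolve the requested name and accept it only if the real
// path is still inside the intended base directory.
function resolveInside(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null; // base or target does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_demo';
if (!is_dir($base)) {
    mkdir($base);
}
file_put_contents($base . DIRECTORY_SEPARATOR . 'report.txt', 'ok');
var_dump(resolveInside($base, 'report.txt') !== null); // file inside the base
var_dump(resolveInside($base, $input['file']));        // traversal attempt
```

Each value is handled where it is used rather than once on arrival, because the correct encoding depends on the context the data is passed to.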