Here we demonstrate how to secure the application from malicious strings being added to the URL variable. At this point that is the only security measure needed. Source Files – www.developphp.com
by Admin 25 Comments
Aggregate02 says
@HazzerProductions Yes, you will use this to replace all other characters if they are not a number or a character: $page = preg_replace("/[^a-z0-9]/i", "", $_GET["page"]);
For the database, you must make sure the title of page is unique to avoid duplicate entries of the same page title.
HazzerProductions says
Hi,
A quick question. I am building a site a bit more complex than on the tutorial but with some similarities. I have opted to use pagetitles rather than Page IDs to load up the relevant data. [It is a gaming website so it makes searching for a game easier rather than remembering a number]
Is there a way, instead of using only numbers like in the tutorial, to only load the page if there is a matched pagetitle in the mysql database? If not, is there a way to put some security in place?
regards
hellraizer17 says
Adam thx for the tutorial, I just have one question: how can I send the user to the home page if he manually enters an invalid PID number? I'd really appreciate ur help. thx again
d21anthony says
Hey Adam, Thanks for clarifying the deprecated error – ereg_replace to preg_replace.. Mucho Appreciated
agentmax69 says
justine bieber dislike your vid lol
agriosa says
I’ve hand coded html, css, etc., and used dreamweaver also in the past. Just trying to enter back into the design field, but unsure if I should focus solely on your type of barebones approach, or go the Drupal route. The D. route seems so so much more user friendly. The maintenance of keeping up to date manually vs. drupal …. I dunno. drupal.org/node/65922 brings up the importance of keeping up to date, and the ease of drupal for this. … your 2Cents please. thanks.
agriosa says
I’ve been viewing your stuff. Looks good, but questions. How would your bare bones approach compare to using drupal? I like your approach, but with security issues, updates, deprecated tags, etc, wouldn’t one be better to approach CMS design using Drupal instead. After all.. there comes a time when maintenance becomes too overwhelming, especially if you do it All 100% yourself with your approach. To limit this issue, without being a serious php programmer, wouldn’t D. be better? thanks for advice
JJDR04 says
@marciobremer
Adam is the only one to thank here. Not only does he teach us lots of great stuff, he also provides great support.
JJDR04 says
@flashbuilding
I keep getting the following error message: Undefined index: pid in …
Please note that after I click one of the generated pages, say “home” , the error disappears.
I was trying to paste the code here, but this form would generate an error, thus could not submit it to you for whatever reason.
Thanks for your help.
JJDR04 says
oooo
marciobremer says
there is my code: pastebin . com/FD1Ny5hM
marciobremer says
Hi Adam, my question is in image to simplify my question take a look please.
img651.imageshack.us/img651/6994/questioni.jpg
marciobremer says
@JJDR04 Hi everyone, I came here just to ask about the code because mine doesn't work either and I saw the answer!!! thank you very much!!!
JJDR04 says
@Kiajw
I am getting the same error… any luck?
JJDR04 says
@flashbuilding
Thanks so much for your help.
flashbuilding says
@JJDR04 – I fixed that issue in my recent PHP Pagination tutorial. Here is the fix:
$pageid = preg_replace('#[^0-9]#i', '', $_GET['pid']); // filter everything but numbers for security (new)
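Added example, not part of the original comments or the tutorial's code: a stricter version of the pid check discussed in this thread. It rejects bad input instead of stripping characters, avoids the "Undefined index" notice when pid is absent, falls back to the home page, and looks up a page title with a bound parameter. The pages table, pagetitle column, index.php target and the in-memory SQLite database standing in for MySQL are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Accept a page id only if the whole value is 1-9 digits with no leading zero.
// Stripping non-digits would turn "7abc" into 7; here it is rejected outright.
function validPid(array $query): ?int
{
    $raw = $query['pid'] ?? null;   // absent key: no "Undefined index" notice
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;                // also rejects arrays such as ?pid[]=1
    }
    return (int) $raw;
}

// Load a page only when its title exists in the database. The title is passed
// as a bound parameter, so it never becomes part of the SQL text.
function findPageByTitle(PDO $db, array $query): ?array
{
    $title = $query['page'] ?? null;
    if (!is_string($title) || !preg_match('/\A[a-z0-9]{1,64}\z/i', $title)) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, pagetitle FROM pages WHERE pagetitle = :t');
    $stmt->execute([':t' => $title]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data (hypothetical schema); UNIQUE keeps page titles distinct.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, pagetitle TEXT UNIQUE)');
$db->exec("INSERT INTO pages (pagetitle) VALUES ('home'), ('tetris')");

// Constructed query arrays shaped like $_GET.
$samples = [[], ['pid' => '7'], ['pid' => '7abc'], ['pid' => ['x']],
            ['page' => 'tetris'], ['page' => 'no such game!']];
foreach ($samples as $q) {
    $pid  = validPid($q);
    $page = findPageByTitle($db, $q);
    if ($pid === null && $page === null) {
        // In the real script (assumed name): header('Location: index.php'); exit;
        echo json_encode($q), " -> redirect to home page\n";
    } else {
        $what = $pid !== null ? "pid $pid" : "page id {$page['id']}";
        echo json_encode($q), " -> load $what\n";
    }
}
```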
JJDR04 says
ereg_replace() is deprecated, thus it doesn’t work. I am trying to use the new preg_replace() function to filter everything but numbers, in video #4
This is the structure of the function:
preg_replace($pattern, $replacement, $string);
$pageid=ereg_replace("[^0-9]", "", $_GET['pid']);
This is what I am testing with no luck: $pageid=preg_replace("[^1-9]","",$_GET['pid']);
Thanks.
ztarrfect says
Bless you !
arunkom00 says
Awesome, thank you very much for sharing this 🙂
Kiajw says
Why am I getting an error with this code? It’s saying that ‘pid’ is undefined. Did you define it before this? What do you think could be the problem?
darkshoktong says
“An error occurred, please try again later.”
Can't seem to load part 4.. is this still available?
mine070 says
Can't wait for Part 5
tasticross says
Adam – Where is Part 5, i cannot find it. Cheers
PersonalComputerHelp says
Try going to the developphp forum and ask this question. I will answer your question there. It is a bit difficult to explain how to do this in a youtube comment. 🙂
singhinthehouse says
hey i want my mouse cursors like you…….which softwares did u use????????/