MrFish Posted June 24, 2009 Share Posted June 24, 2009 I was think. Would it be possible to have my website through forms? Like, it there was a text form that when retrieved looked like this$username = $_REQUEST["username"];and the username form was set to something like this- username"]; Hacking script$asdfsadf = $_REQUEST["adasdad /* This would be to finish it off.*/ Would this be possible? Link to comment Share on other sites More sharing options...
justsomeguy Posted June 24, 2009 Share Posted June 24, 2009 I have no idea what you're asking. You're showing a variable come through in $_REQUEST, and the code you posted isn't valid code, I can't tell what you're trying to ask. Link to comment Share on other sites More sharing options...
MrFish Posted June 24, 2009 Author Share Posted June 24, 2009 If the input text field was named "username", and you input the value - username"]; Hacking script$asdfsadf = $_REQUEST["adasdad /* This would be to finish it off.*/ when it is handled by- $username = $_REQUEST["username"]; would it not then become- $username = $_REQUEST["username"]; Hacking script$asdfsadf = $_REQUEST["adasdad"]; /* This would be to finish it off.*/ Link to comment Share on other sites More sharing options...
justsomeguy Posted June 24, 2009 Share Posted June 24, 2009 I may be dense, but I still don't know what you're asking. The first block of code is not valid code. This line:username"];doesn't make any sense. Then you just write "Hacking script", which I'm not sure what it's there for, and this line:$asdfsadf = $_REQUEST["adasdad /* This would be to finish it off.*/doesn't end correctly. So none of those lines are valid code, I don't know what you're asking. If you have an input called "username", and you submit the form, depending on whether it was submitted through get or post, you can find the value in $_GET['username'] or $_POST['username'], and you can also find it in $_REQUEST['username']. Beyond that, again I don't know what you're asking. Link to comment Share on other sites More sharing options...
Ingolme Posted June 24, 2009 Share Posted June 24, 2009 The information received from a form is a string. Strings aren't parsed as code, they are left as they are.$_REQUEST['username'] is an associative array.If you print the values of $_REQUEST you'll get something like: Array ( 'username' => 'username"];Hacking script$asdfsadf = $_REQUEST["adasdad /* This would be to finish it off.*/') There is no way to hack just by typing PHP script into a form, because the string is never parsed. What you do need to be careful of is sending MySQL queries with user input data. Link to comment Share on other sites More sharing options...
justsomeguy Posted June 25, 2009 Share Posted June 25, 2009 OH right, the question makes sense now. Looks like I picked the wrong week to quit sniffing glue. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.