Reputation: 13
Identify all $_POST & $_GET entries in PHP
I'm writing a basic WAF and I'm up to the moment when I have to identify the attack vectors. When I'm detecting SQL injection or any other sort of intrusion attempt I need to check data submitted through every $_POST and $_GET input.
Besides, checking each header or input individually is there a way to inspect all at once?
Upvotes: 0
Views: 113
Answers (3)
Reputation: 781779
foreach ($_POST as $val) {
// check $val
}
foreach ($_GET as $val) {
// check $val
}
You need to process each array separately. If you try to merge them (either with array_merge or with the pre-merged $_REQUEST array), you'll skip duplicate keys.
Upvotes: 1
Reputation: 4887
foreach( array_merge($_POST, $_GET) as $Input)
{
check($Input);
}
Upvotes: 0
Reputation: 1878
yes, use the sanitize filters in php, they work on arrays like $_REQUEST etc.
http://php.net/manual/en/function.filter-input-array.php
http://php.net/manual/en/filter.filters.sanitize.php
Upvotes: 3
Related Questions
- Check if request is Get AND Post
- Loop through $_GET and $_POST in one go?
- check $_GET variable come from which page in php
- Check all $_POST Variable at once
- PHP - Capture All POST Variables
- filter all get/post and use some information
- PHP $_POST, $_GET, and $_REQUEST keys
- Distinguish GET from POST in PHP
- What's a good way to determine where POST information was sent from
- How do I tell for a php page if someone came by POST or GET?