Reputation: 9
PHP Harmful URL protection
I've made this script, but the 4th line isn't right and I have really no clue how to solve this. I really appriciate if someone helps me. This is my code:
<?php
$url = $_GET["url"];
$badsite = array("http://check.com", "http://hotmail.com");
if($url == $badsite) {
echo "This URL is harmful.";
} else {
echo "Not harmful";
header("Location: " . $_GET["url"]);
}
?>
So the thing which doesn't work is the following line
if($url == $badsite) {
How can I make it so it checks if the GET contains a $badsite?
Upvotes: 0
Views: 118
Answers (2)
Reputation: 7791
In this case you can use the function in_array:
<?php
$url = $_GET["url"];
$badsite = array("http://check.com", "http://hotmail.com");
if(in_array($url, $basite)) {
echo "This URL is harmful.";
} else {
echo "Not harmful";
header("Location: " . $_GET["url"]);
}
?>
Upvotes: 0
Reputation: 218798
You don't want to check if the value equals the array, you want to check if it's in the array. Perhaps something like this:
if (in_array($url, $badsite)) {
// ...
}
Side note, you don't need (or want, really) this echo statement:
echo "Not harmful";
header("Location: " . $_GET["url"]);
You might get an error by emitting output before sending a header. But even if you buffer output or in some other way suppress that error, there's no reason to emit output when returning a redirect response. The browser would display it for only an instant, if at all. A redirect by itself is a complete HTTP response, no output is required.
Upvotes: 1
Related Questions
- Security Reasons PHP
- PHP Prevent URL Tampering
- URL injection issue with php site
- PHP URL manipulation security issue
- Is url.com?somephpcode vulnerable to anything from my code?
- php file in URL - security
- What Security issues would warrant this kind of URL linking
- prevent url tampering in php
- The URL Security
- Php: How can I prevent attacks from url links written by users?