Reputation: 3828
I am new to PHP development and have been reading up on general security. I have an app which communicates with a PHP back end by posting parameters through a URL which is then processed on the server.
An example:
However, I'm sure I am correct in thinking that this is vulnerable: someone could maliciously inject their own parameters and add their own credit?
How would I protect against this, and are there any useful materials people would recommend I look at to get a good understanding of security fundamentals in general?
Thanks
Upvotes: 1
Views: 1411
Reputation: 3773
Do not use database IDs for the credit card ID. It makes it easy for users to access other users' credit cards.
Use a random string that uniquely identifies the credit card.
Upvotes: 2
Reputation: 165
You can use some simple sanitization in this case:
$addcredit = intval($_GET['addcredit']);
Upvotes: 0
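The two answers above (a random card identifier and an integer check on `addcredit`) can be combined, as an added example that is not code from any of the posts: an unguessable card reference, strict integer validation, and a check that the card belongs to the logged-in user. The function names, the in-memory `$cards` array, the 500 limit and the session user id are assumptions made for illustration; PHP 8 is required for the `mixed` type.

```php
<?php
declare(strict_types=1);

// Opaque card reference: 128 bits from the CSPRNG, so references cannot be enumerated.
function newCardRef(): string {
    return bin2hex(random_bytes(16));
}

// Strict integer validation. Unlike intval(), which turns "10abc" into 10 and
// "abc" into 0, this rejects anything that is not a whole number in range.
function parseCreditAmount(mixed $raw, int $max = 500): ?int {
    $amount = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return $amount === false ? null : $amount;
}

// Resolve a reference only if the card belongs to the authenticated user.
function findCardForUser(array $cards, mixed $ref, int $userId): ?array {
    if (!is_string($ref) || !isset($cards[$ref])) {
        return null;
    }
    return $cards[$ref]['owner'] === $userId ? $cards[$ref] : null;
}

// Constructed sample data standing in for a database table.
$aliceRef = newCardRef();
$bobRef   = newCardRef();
$cards = [
    $aliceRef => ['owner' => 1, 'last4' => '4242'],
    $bobRef   => ['owner' => 2, 'last4' => '1881'],
];
$sessionUserId = 1; // assumption: set by the server-side session, never read from the URL

// Constructed requests: (card reference, addcredit) as they would arrive in $_GET.
$requests = [
    [$aliceRef, '25'],     // valid
    [$bobRef, '25'],       // someone else's card
    [$aliceRef, '10abc'],  // intval() would accept this as 10
    [$aliceRef, '-50'],    // out of range
    [$aliceRef, ['1']],    // array sent as ?addcredit[]=1
];
foreach ($requests as [$ref, $rawAmount]) {
    $card   = findCardForUser($cards, $ref, $sessionUserId);
    $amount = parseCreditAmount($rawAmount);
    $ok     = $card !== null && $amount !== null;
    printf("%-8s card=%s amount=%s\n", $ok ? 'ACCEPT' : 'REJECT',
        $card['last4'] ?? 'none', var_export($amount, true));
}
```

Only the first constructed request is accepted; the other four are rejected either by the ownership check or by the range-checked integer filter.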