6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Is there a security issue parsing urls using php\",\"text\":\"

I will be using parsing urls, so there any known or possible security issues associated with parsing urls?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"X10nD\"},\"upvoteCount\":0,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

There is nothing intrinsically insecure about parsing URLs.

\\n\\n

Blindly trusting data from a URI might introduce security issues.

\\n\\n

There may or may not be known security issues with particular functions you might use to parse URLs in particular versions of PHP.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Quentin\"},\"upvoteCount\":3}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","linux",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/linux/1","children":"linux"}]}],["$","span","apache2",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/apache2/1","children":"apache2"}]}],["$","span","php",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/php/1","children":"php"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/12e6bcf1fe8905d67d347f4a2a133957?s=256&d=identicon&r=PG","alt":"X10nD","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/257705/x10nd","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"X10nD"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",22030]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Is there a security issue parsing urls using php"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I will be using parsing urls, so there any known or possible security issues associated with parsing urls?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",0]}],["$","p",null,{"children":["Views: ",90]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","8209500",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/bfa9dca6b5fd139349f987c6837a9042?s=256&d=identicon&r=PG","alt":"esycat","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/115132/esycat","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"esycat"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",1364]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

What kind of parsing are you going to do and for what purpose?

\n\n

There already is parse_url. As noted by others, you should not trust any user input, so do quote properly before strong in the database or displaying back to the user. You may also need to consider, if it is relevant, that spaces and special characters may be represented differently depending on source of your data. But there's no potential harm in just comparing parts as like in comparing strings.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",0]}]}]]}],["$","div","8209267",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/1d2d3229ed1961d2bd81853242493247?s=256&d=identicon&r=PG","alt":"Quentin","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/19068/quentin","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Quentin"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",943097]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

There is nothing intrinsically insecure about parsing URLs.

\n\n

Blindly trusting data from a URI might introduce security issues.

\n\n

There may or may not be known security issues with particular functions you might use to parse URLs in particular versions of PHP.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",3]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","17523547",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/17523547","className":"text-blue-600 hover:underline","children":"PHP URL manipulation security issue"}]}],["$","li","31158608",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/31158608","className":"text-blue-600 hover:underline","children":"Is url.com?somephpcode vulnerable to anything from my code?"}]}],["$","li","28786561",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/28786561","className":"text-blue-600 hover:underline","children":"PHP Harmful URL protection"}]}],["$","li","26551075",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/26551075","className":"text-blue-600 hover:underline","children":"Are URL variables safe"}]}],["$","li","21056723",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/21056723","className":"text-blue-600 hover:underline","children":"Safest way to parse url for PHP CMS?"}]}],["$","li","1211236",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/1211236","className":"text-blue-600 hover:underline","children":"Is this code vulnerable to hacker attack?"}]}],["$","li","7695197",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/7695197","className":"text-blue-600 hover:underline","children":"URL parsing in PHP"}]}],["$","li","6521012",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/6521012","className":"text-blue-600 hover:underline","children":"What Security issues would warrant this kind of URL linking"}]}],["$","li","4918427",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4918427","className":"text-blue-600 hover:underline","children":"enough checks/validation for url variable passed to php script in url?"}]}],["$","li","1886765",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/1886765","className":"text-blue-600 hover:underline","children":"The URL Security"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Is there a security issue parsing urls using php

Answers (2)

Related Questions