Menu
My PHP is very rusty. I have a md5 hash that's being passed via get to a script and then I'm grabbing it like this:
$id = $_GET['id'];
Obviously there's a security risk here...I was thinking of checking the string length to make sure it's 32 characters long but that doesn't seem very robust to me. What else could I do to make it more secure?
thanks
658
You could validate with a regex to make sure it consists of only alphanumeric characters.
E.g. something like this (my PHP is rusty too):
if(preg_match("/^[A-Fa-f0-9]{32}$/", $id) > 0) {
// All good
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
