Mention that this is also true for POST (from a note by Mark Coudill).

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@333406 c90b9560-bf6c-de11-be94-00142212c4b1
Derick Rethans 2014-04-22 13:29:46 +00:00
parent 2fab4d7888
commit 0724a1791b

@ -7,9 +7,10 @@
<section>
<title>Request Injection Attacks</title>
<para>
If you are passing <literal>$_GET</literal> parameters to your queries, make
sure that they are cast to strings first. Users can insert associative
arrays in GET requests, which could then become unwanted $-queries.
If you are passing <literal>$_GET</literal> (or <literal>$_POST</literal>)
parameters to your queries, make sure that they are cast to strings first.
Users can insert associative arrays in GET and POST requests, which could
then become unwanted $-queries.
</para>
<para>
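Review bot: The rewritten opening sentence still enumerates input sources by name ("<literal>$_GET</literal> (or <literal>$_POST</literal>)"), and this commit exists because that list was already incomplete once. Consider phrasing the rule around the value rather than the superglobal, for example "any request-supplied parameter, such as <literal>$_GET</literal> or <literal>$_POST</literal>", so readers do not infer that inputs not listed here are safe to pass to a query uncast. The closing phrase "unwanted $-queries" would also read more clearly if it said that the injected array keys are interpreted as query operators.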
@ -28,9 +29,9 @@
</para>
<para>
This is a fairly easy attack to defend against: make sure $_GET's parameters
are the type you expect before you send them to the database (cast them to
strings, in this case).
This is a fairly easy attack to defend against: make sure $_GET and $_POST
parameters are the type you expect before you send them to the database
(cast them to strings, in this case).
</para>
<para>
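Review bot: In the replacement sentence "make sure $_GET and $_POST parameters are the type you expect", the two superglobals are left as bare text, while the first hunk of this same commit wraps them in <literal> tags. Mark them up the same way here for consistency. The possessive was also dropped unevenly from the old "$_GET's parameters"; "make sure <literal>$_GET</literal> and <literal>$_POST</literal> parameters are of the type you expect" reads more cleanly.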