$_GET Vulnerable?

sprinkles


2009 Sep 6 • 2480
10 ₧

I was jus' wondering if $_GET was vulnerable, like to mysql injection, xss, or whatever? ...then I got some ap, and shot a big ass lazar at everyone.

superjer
superjer

2005 Mar 20 • 3762

I'm not sure what you mean?

$_GET contains an element for every key in the URL's query string.

So a URL like:

hxxp://example.com/page?a=1&b=1&c=lol

populates $_GET with

$_GET['a'] = 1;
$_GET['b'] = 2;
$_GET['c'] = "lol";

It's entirely injection, I guess. You shouldn't trust what's in it, obviously, since anyone can put anything in a URL.

superjer
superjer

2005 Mar 20 • 3762

MySQL injection is when, for example, you do this:



because an attacker can use a URL like:

hxxp://example.com/page?id=1 OR 1

which will then SELECT everything in your table.