index.php?mode=something.php

[RyanD]

To start, please don't make fun of me cause I'm a n00b, lol.

Now, what are these index.php?mode=something.php things I keep seeing? Where can I find out more about them, and how to use them? I used to have a script that had some of them in it but I can't seem to find that script now... someone please let me know what this is called and where I can find more information about it. Thank you.

-Ryan

[kantlivelong]

Welcome to TechIMO!

They are very insecure :P, those sites can be hacked down within a matter of
minutes...

The language is PHP http://php.net

You need real webhosting.(not geocities and such)

[filipino]

Quote:

Originally Posted by kantlivelong

They are very insecure :P, those sites can be hacked down within a matter of minutes...

php? insecure? not that i know of (it depends on coder) php is the script/laguage use to interact with database which is mySQL, php has the same technology as Coldfusion (much easier to learn) but different from ASP.NET.

did i confuse you?

[kantlivelong]

no PHP is secure. but what hes talking about "index.php?mode=something.php" generally is just like this

include($mode);

which can be exploited very easily..

also mysql is just a lib for PHP. PHP wasnt made to interact with mySql but it works well with it.

[RyanD]

Well then... what is a secure way of using includes to do what I'm talkin about... I know there's a buttload of different ways to do this. instead of mode I've seen pagename, sid, item, or folder, and several more which I can't think of at the moment. So any idea's on how to make it work for me? Anything is great. Thanks.

[mazdarx7-64]

For something more secure than PHP i'd suggest Java Server Pages. It is not to different than ASP if you know that already. JSP by itself is not that bad to learn.

[kantlivelong]

heres a simple example of how i do it

request:
index.php?p=news

code:

Code:

switch($_REQUEST['p'])
{
     case "news":
          $file="news.php";
     break;

     default:
          $file="home.php";
     break;
}

include($file.php);

[jkrohn]

A secure way? It is called data validation and sanitazion.

You CHECK mode to make sure it is what you think it is.
Post is not any more secure than get. You need to do data validation EITHER way.

I would run $mode through a select statement on its value. This requires you to enumerate all possible pages, but it is quite secure.

Jkrohn

[kantlivelong]

Quote:

Originally Posted by mazdarx7-64

For something more secure than PHP i'd suggest Java Server Pages. It is not to different than ASP if you know that already. JSP by itself is not that bad to learn.

as stated before. any language is as secure as the programmer.. on another note.. ASP is usually on windows servers(yuk) and JSP usually means you will need to pay a seperate fee to have it enabled with most webhosts.

[kantlivelong]

Quote:

Originally Posted by jkrohn

A secure way? It is called data validation and sanitazion.

You CHECK mode to make sure it is what you think it is.
Post is not any more secure than get. You need to do data validation EITHER way.

I would run $mode through a select statement on its value. This requires you to enumerate all possible pages, but it is quite secure.

Jkrohn

exactly what i wrote above :P