[thelist] PHP help needed

Paul Bennett Paul.Bennett at wcc.govt.nz
Mon Nov 28 20:04:51 CST 2005

Hi Flavia,

Your approach is basically ok, although you've already raised some security issues.

Getting the username via the $_POST array and then outputting into the html code will give the user the images provided they have the right image name and path.

One thong you do want to be careful of is checking the value that is supplied as $username.
Basically this *may* form the basis of a security exploit if you don't check it and could be the start of people doing nasty things to your application.

<tip type="Web Application security">
OWASP has some very good, in-depth security whitepapers for download.

Read and become paranoid today, rather than very sorry in the future.

Chris Shiflett has a good, short book entitled 'Essential PHP Security' which is also highly recommended

More information about the thelist mailing list