Part 4: How to Build Custom PHP MySQL CMS Website Software



http://www.developphp.com/video/PHP#Custom-CMS-Development
Here we demonstrate how to secure the application from malicious strings being added to the URL variable. At this point that is the only security measure needed.


14 thoughts on “Part 4: How to Build Custom PHP MySQL CMS Website Software”

  1. So if you use

    $pageid = preg_replace('/[^0-9]/','1',$_GET['pid']);

    putting the 1 into the quotes before the $_GET, it will return the user to the home page; however, the URL remains the same with the unwanted character at the end, i.e.

    index.php?pid=a

    How can you avoid this so that if the user tries entering a, the URL will load as

    index.php?pid=1

    Thanks

  2. As I have only just started Adam's CMS tutorial, I know all my questions will have been asked 1001 times (at least). I have been trying to find the forums for this set of vids; I must be having a bad day as I cannot even locate them. I do a search but nothing related to the issues I am having comes up. Can someone draw me a map, please!

  3. @HazzerProductions Yes, you will use this to replace all other characters if they are not a number or a character: $page = preg_replace("/[^a-z0-9]/i", "", $_GET["page"]);

    For the database, you must make sure the title of page is unique to avoid duplicate entries of the same page title.

  4. Adam, thanks for the tutorial. I just have one question: how can I send the user to the home page if he manually enters an invalid PID number? I'd really appreciate your help. Thanks again.

  5. @JJDR04 – I fixed that issue in my recent PHP Pagination tutorial. Here is the fix:

    $pageid = preg_replace('#[^0-9]#i', '', $_GET['pid']); // filter everything but numbers for security(new)

  6. Why am I getting an error with this code? It's saying that 'pid' is undefined. Did you define it before this? What do you think could be the problem?
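
The redirect asked about in comments 1 and 4 and the undefined `pid` notice from comment 6 can be handled in one place. The PHP below is an added example, not code from the tutorial or its author; the names `parse_pid`, `route` and `HOME_PID` are hypothetical, and it assumes page 1 is the home page, as the comments do.

```php
<?php
// Added example, not the tutorial's code. Assumes URLs of the form
// index.php?pid=N and that pid 1 is the home page.
const HOME_PID = 1;

// Return a positive integer page id, or null when pid is missing,
// is not a plain string (e.g. index.php?pid[]=1), or is not all digits.
function parse_pid(array $query): ?int
{
    // isset() avoids the "undefined index 'pid'" notice on a bare index.php.
    if (!isset($query['pid']) || !is_string($query['pid'])) {
        return null;
    }
    // Reject instead of stripping: stripping would turn "1a2" into page 12.
    // \A and \z anchor the whole value; 9 digits stays inside integer range.
    if (!preg_match('/\A[0-9]{1,9}\z/', $query['pid'])) {
        return null;
    }
    $pid = (int) $query['pid'];
    return $pid > 0 ? $pid : null;
}

// Decide whether to render a page or redirect to its canonical URL.
function route(array $query): array
{
    if (!array_key_exists('pid', $query)) {
        return ['action' => 'render', 'pid' => HOME_PID];
    }
    $pid = parse_pid($query);
    if ($pid === null) {
        // Invalid input: send the browser to the home page so the
        // address bar no longer shows the rejected value.
        return ['action' => 'redirect', 'location' => 'index.php?pid=' . HOME_PID];
    }
    if ((string) $pid !== $query['pid']) {
        // Canonicalise forms such as "007" to "7".
        return ['action' => 'redirect', 'location' => 'index.php?pid=' . $pid];
    }
    return ['action' => 'render', 'pid' => $pid];
}

// Front controller: must run before any output so header() can be sent.
$decision = route($_GET);
if ($decision['action'] === 'redirect') {
    header('Location: ' . $decision['location'], true, 302);
    exit;
}
$pageid = $decision['pid']; // always an integer from here on
```

The redirect target is built only from the validated integer or the constant, never from the raw request value.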
