ja:rule:num:外部入力の整数データを無闇にキャストしない (Do not blindly cast integer data from external input)

Differences

This shows you the differences between two versions of the page.

Previous revision: ja:rule:num:外部入力の整数データを無闇にキャストしない [2016/03/19 02:14] – [Compliant code example (strpsn)] yohgaki
Current revision: ja:rule:num:外部入力の整数データを無闇にキャストしない [2016/03/19 02:15] (current) – [Compliant code example (strpsn)] yohgaki
Line 75: Line 75:
 // There should be arbitrary length limit validation // There should be arbitrary length limit validation
 if (strspn(strlen($_GET['id']) > 100) { if (strspn(strlen($_GET['id']) > 100) {
-  throw new Exception('Invalid integer format');+  throw new Exception('Invalid integer format - too long');
 } }
 // Validate $_GET['id'] contains only 0 to 9 chars and leading +-. // Validate $_GET['id'] contains only 0 to 9 chars and leading +-.
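Review bot: The unchanged condition directly above the edited throw, `if (strspn(strlen($_GET['id']) > 100) {`, has unbalanced parentheses and passes a single boolean expression to strspn(), which requires a mask argument, so the length limit that the new "too long" message reports is not actually checked as written. The length test should stand on its own, for example `if (strlen($_GET['id']) > 100) {`, leaving strspn() for the digit and sign validation described in the comment that follows. Since the revision only changes the message text, fixing the condition in the same edit would keep the compliant example consistent with what the message claims.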
ja/rule/num/外部入力の整数データを無闇にキャストしない.1458353679.txt.gz · Last modified: 2016/03/19 02:14 by yohgaki
