<?php print('GET');
If I have the following WHERE GET is a GET parameter, is it possible to escape this for nefarious purposes i.e. can it be hacked?
Thanks
Asked
Active
Viewed 51 times
0
pee2pee
- 3,619
- 7
- 52
- 133
-
Maybe you are wanting `htmlspecialchars()` / `htmlentities()`? – Rasclatt Dec 21 '16 at 23:27
-
Nothing automaticlly treats a string as a variable name. – Barmar Dec 21 '16 at 23:27
-
My bad.... I misunderstood `WHERE GET is a GET parameter` – Mark Baker Dec 21 '16 at 23:29
1 Answers
0
Since you have 'GET' in quotes, it's a string literal. The fact that you have parameter $_GET['GET'] is not relevant -- when you print a literal, it just prints that string, it doesn't try to treat it as a variable, or the index in an array, or anything else.
So that print statement is perfectly safe.
Barmar
- 741,623
- 53
- 500
- 612