Changes in use of "empty" command between php4 and php5

General PHP Help
#1

Hi, I am trying to upgrade to php5. All features seem to work except the following code. This is used to access my admin. panel. Now I can enter through a back door by uing another routine and then backpaging in the browser which somehow slips around this. I would like to know how i must reword this code to function in php5. Thanks in advance for any help.

Mike (rmharrington)

?>

<?php if (empty($_SESSION["admin"])) redirect("index.php?e=1"); //Single Delete if (!empty($_GET["delid"])) { mysql_query("delete from user_master where `user_id`=" . $_GET["delid"]); redirect($_SERVER["HTTP_REFERER"]); }
#2

The code you posted here should work properly in PHP5. But there might be a problem with this redirect:

[php]
redirect($_SERVER[“HTTP_REFERER”]);
[/php]

Value of HTTP_REFERER is set by browser, and can not be trusted. Try at least to compare this value with script name, and if equal - redirect somewhere else. So that there is no loop of redirects to the same script.

#3

Thanks for the quick answer. Will investigate the redirect. Perhaps this will help.

Sponsor our Newsletter | Privacy Policy | Terms of Service