This is my code. I can't see why this would be dangerous, because they can't use the "page" variable to navigate to something that isn't there, but can anyone think of an attack that could hit this that would cause a problem? That's really my only concern.
    switch(@$_GET['page']){
        case "update":
            break;
        case "new":
        default:
            displayForm();
            break;
    }
The only reason I'm writing it this way is to avoid the

    if(isset($_GET['page'])){
    }

and

    else{
        displayForm();
    }

which feels too sloppy for me. I like clean code, but I need to know if there's a big reason to check to see if something is set first before using it and suppressing the warning if there is one anyway.
Also, sorry for the grammar; me and my 3rd grade English teacher had major issues.
You could consider using an early return and only continue when 'page' is set since I agree with Dagon that your approach seems to be the sloppy one.
    <?php
    if (!isset($_GET['page'])) {
        displayForm();
        return;
    }
    // Now you could switch over your $_GET['page']
    switch($_GET['page']) {
        case "update":
            break;
        case "new":
        default:
            displayForm();
            break;
    }
Right now I don't see any vulnerability in your code, and my answer focuses more on the statement that checking for $_GET['page'] is sloppy. But in general you can and should consider always validating your input by using, e.g., the ctype functions.
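As an added example (not code from either poster), this is one way to combine the isset-style check, a ctype check and an allowlist so that only known page names ever reach the switch. The names `resolvePage`, `ALLOWED_PAGES` and `DEFAULT_PAGE` are hypothetical, and `$query` stands in for `$_GET` so the sample inputs can be run offline.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: the two pages named in the question.
const ALLOWED_PAGES = ['update', 'new'];
const DEFAULT_PAGE  = 'new';

/**
 * Return a page name that is guaranteed to be on the allowlist.
 * $query stands in for $_GET so the function can be exercised offline.
 */
function resolvePage(array $query): string
{
    // Missing key: ?? raises no warning, so no @ suppression is needed.
    $page = $query['page'] ?? DEFAULT_PAGE;

    // A query such as page[]=x makes PHP build an array, and ctype_alpha()
    // expects a string; it also returns false for the empty string.
    if (!is_string($page) || !ctype_alpha($page)) {
        return DEFAULT_PAGE;
    }

    // Strict comparison avoids type juggling against the allowlist.
    return in_array($page, ALLOWED_PAGES, true) ? $page : DEFAULT_PAGE;
}

// Constructed sample inputs, shaped like what $_GET can contain.
$samples = [
    'missing'  => [],
    'valid'    => ['page' => 'update'],
    'empty'    => ['page' => ''],
    'array'    => ['page' => ['update']],
    'nonalpha' => ['page' => 'update.php'],
    'unknown'  => ['page' => 'admin'],
];

foreach ($samples as $label => $query) {
    // Only 'valid' resolves to "update"; every other input falls back.
    printf("%-9s => %s\n", $label, resolvePage($query));
}
```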