Add-cart.php Num

The num parameter is frequently used to designate the quantity or product ID. If not properly sanitized, it can be exploited via:

array. If the item is already there, it usually increments the quantity rather than adding a duplicate entry.

An attacker sends: add-cart.php?num=1\r\n[ERROR] System compromised\r\n&id=105

If you must keep ?num=, document its exact format and validate rigorously.

Never accept price information from the client. The add-cart.php script should only receive the item_id and the quantity. The script should then query the database to retrieve the actual price of the item.
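An added example (not code from the original page) of a handler that follows the advice above: strict validation of num, a server-side price lookup, and encoded logging so the CR/LF request shown earlier cannot forge a log line. Assumptions: num is the quantity and id the item ID, quantities are limited to 1-99, and an in-memory SQLite table named items stands in for the shop database.

```php
<?php
declare(strict_types=1);

// Constructed catalogue standing in for the shop database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, price_cents INTEGER NOT NULL)');
$db->exec('INSERT INTO items (id, price_cents) VALUES (105, 1999)');

// Accept only a plain decimal integer in [$min, $max]; anything else is null.
function parse_int_param(mixed $raw, int $min, int $max): ?int
{
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,6}\z/', $raw)) {
        return null; // rejects arrays, signs, whitespace, CR/LF, "1e3", ...
    }
    $n = (int) $raw;
    return ($n >= $min && $n <= $max) ? $n : null;
}

// Adds an item to the cart; returns false when the request is rejected.
function add_to_cart(PDO $db, array $query, array &$cart): bool
{
    $qty = parse_int_param($query['num'] ?? null, 1, 99);
    $id  = parse_int_param($query['id'] ?? null, 1, 999999);
    if ($qty === null || $id === null) {
        // Log a JSON-encoded copy so raw CR/LF cannot start a forged log line.
        error_log('add-cart rejected: ' . json_encode($query, JSON_PARTIAL_OUTPUT_ON_ERROR));
        return false;
    }
    // The price comes from the database, never from the request.
    $stmt = $db->prepare('SELECT price_cents FROM items WHERE id = ?');
    $stmt->execute([$id]);
    $price = $stmt->fetchColumn();
    if ($price === false) {
        return false; // unknown item
    }
    // Item already in the cart: increment its quantity (capped), no duplicate entry.
    $newQty = min(99, ($cart[$id]['qty'] ?? 0) + $qty);
    $cart[$id] = ['qty' => $newQty, 'price_cents' => (int) $price];
    return true;
}

// Constructed requests: one with a client-supplied price, one with the CR/LF payload.
$cart = [];
var_dump(add_to_cart($db, ['num' => '2', 'id' => '105', 'price' => '1'], $cart));
var_dump(add_to_cart($db, ['num' => "1\r\n[ERROR] System compromised\r\n", 'id' => '105'], $cart));
var_dump($cart);
```

The pattern is anchored with \A and \z rather than ^ and $ because $ in PCRE also matches before a trailing newline, which would let "1\n" through.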
