Comments on: How to Set Up an Affiliate Link Redirect System http://www.wangarific.com/how-to-set-up-an-affiliate-link-redirect-system/ the internet is always open Tue, 17 Aug 2010 17:38:13 -0700 hourly 1 http://wordpress.org/?v=3.0.1 By: Mrs. Accountability http://www.wangarific.com/how-to-set-up-an-affiliate-link-redirect-system/comment-page-1/#comment-387 Mrs. Accountability Fri, 11 Jun 2010 23:42:04 +0000 http://www.wangarific.com/?p=332#comment-387 So that is how that is done. All way over my head, unfortunately. First, where does that snippet of php coding go? Into a notepad file saved to the root directory of my blog? And named something.php, or does it go somewhere in my blog coding? I am self hosting with Wordpress and Atahualpa. So that is how that is done. All way over my head, unfortunately. First, where does that snippet of php coding go? Into a notepad file saved to the root directory of my blog? And named something.php, or does it go somewhere in my blog coding? I am self hosting with WordPress and Atahualpa.

]]> By: jim http://www.wangarific.com/how-to-set-up-an-affiliate-link-redirect-system/comment-page-1/#comment-290 jim Sun, 31 Jan 2010 15:46:26 +0000 http://www.wangarific.com/?p=332#comment-290 Since the data is being used to form a URL, I don't think you have that risk. Since the data is being used to form a URL, I don’t think you have that risk.

]]> By: mbhunter http://www.wangarific.com/how-to-set-up-an-affiliate-link-redirect-system/comment-page-1/#comment-286 mbhunter Fri, 29 Jan 2010 02:38:39 +0000 http://www.wangarific.com/?p=332#comment-286 Right, there's no DB issue, but what about code injection or remote file inclusion via the $_GET variable? (There are decent descriptions of these on Wikipedia.) Right, there’s no DB issue, but what about code injection or remote file inclusion via the $_GET variable? (There are decent descriptions of these on Wikipedia.)

]]> By: jim http://www.wangarific.com/how-to-set-up-an-affiliate-link-redirect-system/comment-page-1/#comment-284 jim Thu, 28 Jan 2010 17:10:06 +0000 http://www.wangarific.com/?p=332#comment-284 In the above case, I wouldn't be too worried because the code just redirects people. It doesn't go into a database and it doesn't use the tag data to do it, so it's harmless. However, if you do access the database and use that tag information, htmlspecialchars won't be enough for someone experienced. If you want to learn more, you can read about it <a href="http://stackoverflow.com/questions/110575/do-htmlspecialchars-and-mysqlrealescapestring-keep-my-php-code-safe-from-injec" rel="nofollow">here</a>. The first answer is especially detailed. In the above case, I wouldn’t be too worried because the code just redirects people. It doesn’t go into a database and it doesn’t use the tag data to do it, so it’s harmless.

However, if you do access the database and use that tag information, htmlspecialchars won’t be enough for someone experienced. If you want to learn more, you can read about it here. The first answer is especially detailed.

]]> By: mbhunter http://www.wangarific.com/how-to-set-up-an-affiliate-link-redirect-system/comment-page-1/#comment-283 mbhunter Thu, 28 Jan 2010 08:22:25 +0000 http://www.wangarific.com/?p=332#comment-283 I'm enjoying these articles very much. So htmlspecialchars is enough to prevent injection? I’m enjoying these articles very much.

So htmlspecialchars is enough to prevent injection?

]]>