Home/ Questions/Q 3723494
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T06:17:28+00:00

I was told I needed to validate the tokens below but I’m not sure

  • 0

I was told I needed to validate the tokens below but I’m not sure where to start. I only have public access to the website I’m pulling the data from. Someone explain to me tokens or give an example to get me moving?

Do I need access to the other server?

function send_CAD($number, $street, $website, $f_opts = true){         
    $year   = date('Y', time());    
    $number = trim($number);
    $street = urlencode(trim($street));
    $post_data = "__EVENTTARGET=&__EVENTARGUMENT=&".
                 "__VIEWSTATE=/wEPD...&" .
                 "__EVENTVALIDATION=/wEWNw...&".
                 "txtAddrNum=$number&listStDir=&";
...
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’m not sure exactly what you’re asking so here’s the answer in both directions:

    If you have a full url that you’re trying to parse, use parse_url:

    $url = 'http://username:password@hostname/path?arg=value#anchor';

print_r(parse_url($url));

echo parse_url($url, PHP_URL_PATH);

    The above example will output:

    Array
(
    [scheme] => http
    [host] => hostname
    [user] => username
    [pass] => password
    [path] => /path
    [query] => arg=value
    [fragment] => anchor
)

    If you have only the query part of the url you can use parse_str:

    parse_str($str, $output);
echo $output['first'];  // value
echo $output['arr'][0]; // foo bar
echo $output['arr'][1]; // baz

    If you have a url that you’re trying to construct use http_build_query:

    $data = array('foo'=>'bar',
              'baz'=>'boom',
              'cow'=>'milk',
              'php'=>'hypertext processor');

echo http_build_query($data); // foo=bar&baz=boom&cow=milk&php=hypertext+processor

    If you need to do validation on the data, once you’ve gotten it, you can use the built in filter_input functions with validation/sanitizing options in PHP:

    https://www.php.net/manual/en/ref.filter.php
    https://www.php.net/manual/en/function.filter-input-array.php

    https://www.php.net/manual/en/filter.filters.validate.php
    https://www.php.net/manual/en/filter.filters.sanitize.php

    Example from filter_validate_array page:

    /* data actually came from POST
$_POST = array(
    'product_id'    => 'libgd<script>',
    'component'     => '10',
    'versions'      => '2.0.33',
    'testscalar'    => array('2', '23', '10', '12'),
    'testarray'     => '2',
);
*/

$args = array(
    'product_id'   => FILTER_SANITIZE_ENCODED,
    'component'    => array('filter'    => FILTER_VALIDATE_INT,
                            'flags'     => FILTER_REQUIRE_ARRAY, 
                            'options'   => array('min_range' => 1, 'max_range' => 10)
                           ),
    'versions'     => FILTER_SANITIZE_ENCODED,
    'doesnotexist' => FILTER_VALIDATE_INT,
    'testscalar'   => array(
                            'filter' => FILTER_VALIDATE_INT,
                            'flags'  => FILTER_REQUIRE_SCALAR,
                           ),
    'testarray'    => array(
                            'filter' => FILTER_VALIDATE_INT,
                            'flags'  => FILTER_REQUIRE_ARRAY,
                           )

);

$myinputs = filter_input_array(INPUT_POST, $args);

var_dump($myinputs);
echo "\n";

    The above example will output:

    array(6) {
  ["product_id"]=>
      array(1) {
        [0] => string(17) "libgd%3Cscript%3E"
      }
  ["component"]=>
      array(1) {
        [0] => int(10)
      }
  ["versions"]=>
      array(1) {
        [0] => string(6) "2.0.33"
      }
  ["doesnotexist"]=>
      NULL
  ["testscalar"]=>
      bool(false)
  ["testarray"]=>
      array(1) {
        [0] => int(2)
      }
}
    • 0