by Chyzwar
3524 days ago
You should use !==. isset does not handle all corner cases; it would return true for empty strings or false for NULL. You should use a framework like Laravel: Input::has('key'). By design, the type of security challenge should not be an option. The API endpoint should not check for $selectedOption == SECURITY_QUESTION. In this case you are still vulnerable to the same attack. You should always return something. Having just return; is bad. Finally, you should use something safer than PHP, since a mistake can cost you money.