What PHP security is..
Eccentric
02-10-2007, 08:03 PM
Needed for a user system login and register side at the moment. Prefer a link to php.net somewhere; if not I'll still look.
awelsh
02-10-2007, 08:06 PM
Umm, well how big is the site you're using it on? Anything like credit card details going through it?
Eccentric
02-10-2007, 08:07 PM
Not yet :) Just need it for the login/register page ATM!
awelsh
02-10-2007, 08:11 PM
Hmm, well most probably sessions would be better than cookies.
You could even encrypt the whole page. I used to have the site favourited but that was on my old PC :( Just search for something like "php encryptor".
Dentafrice,
02-10-2007, 08:12 PM
Hmm, well most probably sessions would be better than cookies.
You could even encrypt the whole page. I used to have the site favourited but that was on my old PC :( Just search for something like "php encryptor".
Why would you encrypt the whole page? No one gets to view the source code anyway... so that's not a security risk.
If you use MySQL, be sure to clean all inputted data and all $_GET's.
Agnostic Bear
03-10-2007, 09:44 AM
Why would you encrypt the whole page? No one gets to view the source code anyway... so that's not a security risk.
If you use MySQL, be sure to clean all inputted data and all $_GET's.
And $_POST's, never forget them.
Dentafrice,
03-10-2007, 11:30 AM
Why would you encrypt the whole page? No one gets to view the source code anyway... so that's not a security risk.
If you use MySQL, be sure to clean all inputted data and all $_GET's.
:P
Eccentric
03-10-2007, 01:54 PM
Cheers Caleb :)
Invent
03-10-2007, 02:13 PM
<?php
// PHP 5-era helper: mysql_* and get_magic_quotes_gpc() were removed in PHP 7.
class misc
{
    function clean($var)
    {
        // Undo magic_quotes first, so the backslashes it added are not
        // HTML-encoded by the escaping below.
        if (get_magic_quotes_gpc()) {
            $var = stripslashes($var);
        }
        // Encode <, >, &, " and ' once. Running htmlentities() on top of
        // this would turn the & of every entity into &amp; (double encoding),
        // and a str_replace() of raw double quotes is a no-op after this point.
        $var = htmlspecialchars($var, ENT_QUOTES);
        // Escape for use inside a quoted MySQL string literal
        // (requires an open mysql_connect() link).
        $var = mysql_real_escape_string($var);
        return $var;
    }
}
Simple thing I wrote up for Caleb in the quick reply box :P
Could use a few more cleaning functions though.
Eccentric
03-10-2007, 02:16 PM
mysql_real_escape_string, what does that do?
htmlentities, what does that do? :P
get_magic_quotes_gpc, and what does that do?
Just want to learn, that's all.
Invent
03-10-2007, 02:23 PM
mysql_real_escape_string cleans the given var so it is fit to be used in an SQL query. It basically adds backslashes to the var in certain areas so that it can't be used in a query. This prevents SQL Injection.
htmlentities converts HTML in the given var to standard code. So basically it would convert » to &raquo;.
get_magic_quotes_gpc just checks if magic_quotes is enabled on the server :)
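As an added illustration of the two points above (this is example code, not code from anyone in the thread), here is the same login lookup written first the unsafe way and then with a prepared statement, plus the HTML escaping step for output. The `users` table, its columns and the connection details are assumptions.

```php
<?php
// Added example (not from the thread). Table/column names are assumptions.

// BROKEN: the username is pasted straight into the SQL text, so a quote
// character in the input ends the string literal and whatever follows is
// parsed as part of the query.
function find_user_unsafe(mysqli $db, string $username): ?array
{
    $sql = "SELECT id, password_hash FROM users WHERE username = '$username'";
    $row = $db->query($sql)->fetch_assoc();
    return $row ?: null;
}

// FIXED: a prepared statement sends the query text and the value
// separately, so the value can never change the query's structure.
// mysql_real_escape_string() approximated this by backslashing quotes
// inside the literal; bound parameters make that step unnecessary.
function find_user(mysqli $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row ?: null;
}

// Escaping is per destination: parameters for the database, and
// htmlspecialchars() (what htmlentities() also does for <, >, & and quotes)
// right before the value is echoed into HTML, not when it is stored.
function welcome_html(string $username): string
{
    return '<p>Welcome, ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Usage (assumed connection details):
// $db   = new mysqli('localhost', 'app', 'secret', 'appdb');
// $user = find_user($db, $_POST['username'] ?? '');
// echo welcome_html($_POST['username'] ?? '');
```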
Eccentric
03-10-2007, 02:24 PM
Thank you :)
QuickScriptz
03-10-2007, 09:54 PM
Well... if you're making some sort of user system, I always use Sessions instead of Cookies for a couple of reasons:
a) Sessions are automatically deleted every 24 mins or so
b) Not all browsers have Cookies turned on
c) Sessions are simpler to set and remove
And as for the $_GET variables - I always try to avoid using them as much as possible unless you're talking about something like "yoursite.com?page=news", because if you use $_GET vars in place of Sessions for important data like that then it's easier to hack or attempt to hack your system and manipulate your files. $_POST variables also work fairly well for a variety of things.
And like everyone's already said, make sure you clean your inputs! All of them (including $_GET's)! I use these PHP functions to do the dirty work:
htmlentities()
preg_match()
str_replace()
nl2br()
Best of luck :)
Eccentric
04-10-2007, 06:46 PM
Well... if you're making some sort of user system, I always use Sessions instead of Cookies for a couple of reasons:
a) Sessions are automatically deleted every 24 mins or so
b) Not all browsers have Cookies turned on
c) Sessions are simpler to set and remove
And as for the $_GET variables - I always try to avoid using them as much as possible unless you're talking about something like "yoursite.com?page=news", because if you use $_GET vars in place of Sessions for important data like that then it's easier to hack or attempt to hack your system and manipulate your files. $_POST variables also work fairly well for a variety of things.
And like everyone's already said, make sure you clean your inputs! All of them (including $_GET's)! I use these PHP functions to do the dirty work:
htmlentities()
preg_match()
str_replace()
nl2br()
Best of luck :)
What do they do? So I can learn.
Dentafrice,
04-10-2007, 07:50 PM
http://www.php.net :)
If cookies are disabled sessions won't work anyway unless you pass the session id via GETs or POSTs since by default the session ID is stored in a cookie.
Well... if you're making some sort of user system, I always use Sessions instead of Cookies for a couple of reasons:
a) Sessions are automatically deleted every 24 mins or so
b) Not all browsers have Cookies turned on
c) Sessions are simpler to set and remove
And as for the $_GET variables - I always try to avoid using them as much as possible unless you're talking about something like "yoursite.com?page=news", because if you use $_GET vars in place of Sessions for important data like that then it's easier to hack or attempt to hack your system and manipulate your files. $_POST variables also work fairly well for a variety of things.
And like everyone's already said, make sure you clean your inputs! All of them (including $_GET's)! I use these PHP functions to do the dirty work:
htmlentities()
preg_match()
str_replace()
nl2br()
Best of luck :)
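The point made above about the session ID living in a cookie is what the following added example builds on (example code, not from anyone in the thread): a session-based login that refuses session IDs passed via GET/POST, issues a fresh ID on login, and clears both sides on logout. Function names and the `$_SESSION` keys are assumptions.

```php
<?php
// Added example (not from the thread). Names and session keys are assumptions.

function start_secure_session(): void
{
    // The session ID is carried in a cookie; refuse to accept it from the
    // URL or a form field instead, and keep the cookie away from JavaScript.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    ini_set('session.cookie_httponly', '1');
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Call only after the username/password check has succeeded.
function login_user(int $userId): void
{
    start_secure_session();
    // A fresh ID on login means a session cookie the visitor had before
    // authenticating does not become a logged-in session.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['logged_in_at'] = time();
}

// Returns the logged-in user's id, or null when there is no valid session.
function current_user_id(): ?int
{
    start_secure_session();
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}

function logout_user(): void
{
    start_secure_session();
    $_SESSION = [];
    // Expire the cookie as well; session_destroy() only clears server-side data.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600,
              $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}
```

On a protected page, `current_user_id()` returning null is the signal to redirect to the login form.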
QuickScriptz
05-10-2007, 03:47 AM
If cookies are disabled sessions won't work anyway unless you pass the session id via GETs or POSTs since by default the session ID is stored in a cookie.
Okay, well let me re-phrase it then....
Your browser security settings have to be pretty high / cookies completely blocked in order for it not to accept a PHP Session ID, whereas the settings don't usually have to be as high for it to block other Cookies that you set directly... anyways...
At least there are workarounds with sessions if cookies are disabled!
The browser can't tell if it's a PHP session ID or one set by the script.
Okay, well let me re-phrase it then....
Your browser security settings have to be pretty high / cookies completely blocked in order for it not to accept a PHP Session ID, whereas the settings don't usually have to be as high for it to block other Cookies that you set directly... anyways...
At least there are workarounds with sessions if cookies are disabled!
Eccentric
05-10-2007, 06:50 PM
http://www.php.net :)
That site confuses me on how to navigate it :S
Powered by vBulletin® Version 4.2.5 Copyright © 2026 vBulletin Solutions Inc. All rights reserved.