mysql_real_escape_string cleans the given var so it is fit to be used in a sql query. It basically adds backslashes to the var in certain areas so that it can't be used in a query. This prevents SQL Injection.
htmlentities converts HTML in the given var to standard code. So basically it would convert » to ».
get_magic_quotes_gpc just checks if magic_quotes is enabled on the server
Results 11 to 19 of 19
Thread: wat php security is..
-
-
Thank you
-
Well... if you're making some sort of user system I always use Sessions instead of Cookies for a couple reasons:
a) Sessions are automatically deleted every 24 mins or so
b) Not all browsers have Cookies turned on
c) Sessions are simpler to set and remove
And as for the $_GET variables - I always try to avoid using them as much as possible unless you're talking like "yoursite.com?page=news" because if you use $_GET vars in place of Sessions and important data like that then its easier to hack or attempt to hack your system and manipulate your files, $_POST variables also work fairly well too for a variety of things.
And like everyone's already said, make sure you clean your inputs! All of them (including $_GET's)! I use these php functions to do the dirty work:
- htmlentities()
- preg_match()
- str_replace()
- nl2br()
Best of luck
-
wat do thy do? so i can learn
Originally Posted by Scriptz
Well... if you're making some sort of user system I always use Sessions instead of Cookies for a couple reasons:
a) Sessions are automatically deleted every 24 mins or so
b) Not all browsers have Cookies turned on
c) Sessions are simpler to set and remove
And as for the $_GET variables - I always try to avoid using them as much as possible unless you're talking like "yoursite.com?page=news" because if you use $_GET vars in place of Sessions and important data like that then its easier to hack or attempt to hack your system and manipulate your files, $_POST variables also work fairly well too for a variety of things.
And like everyone's already said, make sure you clean your inputs! All of them (including $_GET's)! I use these php functions to do the dirty work:
- htmlentities()
- preg_match()
- str_replace()
- nl2br()
Best of luck
-
-
If cookies are disabled sessions won't work anyway unless you pass the session id via GETs or POSTs since by default the session ID is stored in a cookie.
Originally Posted by Scriptz
Well... if you're making some sort of user system I always use Sessions instead of Cookies for a couple reasons:
a) Sessions are automatically deleted every 24 mins or so
b) Not all browsers have Cookies turned on
c) Sessions are simpler to set and remove
And as for the $_GET variables - I always try to avoid using them as much as possible unless you're talking like "yoursite.com?page=news" because if you use $_GET vars in place of Sessions and important data like that then its easier to hack or attempt to hack your system and manipulate your files, $_POST variables also work fairly well too for a variety of things.
And like everyone's already said, make sure you clean your inputs! All of them (including $_GET's)! I use these php functions to do the dirty work:
- htmlentities()
- preg_match()
- str_replace()
- nl2br()
Best of luck
-
Okay, well let me re-phrase it then.... Originally Posted by Tomm
Your browser security settings have to be pretty high/cookies completely blocked in order for it not to accept a PHP Session Id whereas the settings don't usually have to be as high for it to block other Cookies that you set directly... anyways...
Atleast there are workaround with sessions if cookies are disabled!
-
The browser can't tell if its a PHP session ID or set by the script.
Originally Posted by Scriptz
-
That site confuses me on how to navigate it :S Originally Posted by Dentafrice,
Reply With Quote
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts