Re: PHP Passing Variables Between Pages and Security
- From: "Skeets" <skillet3232@xxxxxxxxx>
- Date: 10 Feb 2006 15:43:20 -0800
btw, i use bind variables when i'm inputting user form information into
my db (postgresql). adodb's db abstraction layer (very good, btw) has
a pretty nice implementation. using bind variables means you don't
have to escape everything prior to submission and sql injection becomes
a non-issue. if it is bad data, it doesn't get submitted, as i
understand it.
i posted this in another reply, but i'm not sure you will read it.
is this spoofable (i do use apache)?
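$host = apache_request_headers();
// stripos() replaces eregi(), which was removed in PHP 7
if (isset($host['Referer']) && stripos($host['Referer'], 'domain.com') !== false) {
    // good submission, do something
} else {
    // bad submission, don't do anything
}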
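The bind-variable point above, as an added example that is not part of the original post and is not ADOdb's code: it uses PHP's PDO with an in-memory SQLite database in place of ADOdb and PostgreSQL so it runs offline, and the table, function names and input value are constructed. It puts a concatenated query beside a bound one, and shows that binding keeps a hostile value as plain data rather than rejecting it, so validation remains a separate step.

```php
<?php
// Added example. PDO + in-memory SQLite stand in for ADOdb + PostgreSQL.
// Table, column and function names are hypothetical.

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    $db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");
    return $db;
}

// Weak: the form value becomes part of the SQL text, so quotes in it
// can change the structure of the WHERE clause.
function find_concat(PDO $db, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound: the SQL text is fixed; the value is sent separately and is only
// ever compared as a string, whatever characters it contains.
function find_bound(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Binding does not judge whether data is acceptable; that is a separate
// check. The allowed pattern here is an assumption for the example.
function add_user(PDO $db, string $name): void
{
    if (!preg_match('/^[a-z0-9_]{1,32}$/i', $name)) {
        throw new InvalidArgumentException('invalid user name');
    }
    $db->prepare('INSERT INTO users (name) VALUES (?)')->execute([$name]);
}

$db    = make_db();
$input = "nobody' OR '1'='1";      // constructed hostile form value

var_dump(find_concat($db, $input)); // WHERE clause was rewritten by the input
var_dump(find_bound($db, $input));  // input treated as one literal name
try {
    add_user($db, $input);
} catch (InvalidArgumentException $e) {
    echo 'rejected by validation: ', $e->getMessage(), "\n";
}
```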