1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Securing PHP/MySQL...

Discussion in 'PHP' started by killaklown, Nov 9, 2007.

  1. Kidijs

    Kidijs Active Member

    Messages:
    112
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    55
    #21
    kmap, what a strange copy from the php manual you got there. please don't scare people like that.
    SEMrush
     
    Kidijs, Nov 10, 2007 IP
    SEMrush
  2. kmap

    kmap Well-Known Member

    Messages:
    2,215
    Likes Received:
    29
    Best Answers:
    2
    Trophy Points:
    135
    #22
    Hmm is it something wrong i have posted

    Regards

    Alex
     
    kmap, Nov 10, 2007 IP
  3. matthewrobertbell

    matthewrobertbell Peon

    Messages:
    781
    Likes Received:
    35
    Best Answers:
    0
    Trophy Points:
    0
    #23
    preg_match is your friend;)
     
    matthewrobertbell, Nov 10, 2007 IP
  4. junandya

    junandya Member

    Messages:
    79
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    43
    #24

    As you said there, i agree with your opinion to use $_SESSION['id'], but i just thinking, if someone have logged in,....he still use the same browser, and then he opens his own php form that he had modified,....so he can use his own form & still have their session id also,....so he still can attack the website,.....is this right what i'm talking about????
     
    junandya, Nov 10, 2007 IP
  5. killaklown

    killaklown Well-Known Member

    Messages:
    2,666
    Likes Received:
    87
    Best Answers:
    0
    Trophy Points:
    165
    #25
    Wouldn't checking the referring url before putting the data into the database work?

    (HTTP_REFERER)
     
    killaklown, Nov 10, 2007 IP
    Smyrl likes this.
  6. garbageman

    garbageman Peon

    Messages:
    29
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #26
    Referrers can be faked. There's a nice little firefox plugin called Refcontrol. ;)
     
    garbageman, Nov 10, 2007 IP
  7. armatik

    armatik Peon

    Messages:
    27
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #27
    Well, you could add that in for extra security, because there's ways around everything. :cool:

    Sessions aren't like cookies.. I mean they are, but I think what you're thinking in terms of functionality is a cookie. The user wouldn't have that session on another website, just that one.
     
    armatik, Nov 10, 2007 IP
  8. killaklown

    killaklown Well-Known Member

    Messages:
    2,666
    Likes Received:
    87
    Best Answers:
    0
    Trophy Points:
    165
    #28
    Ive added reCAPTCHA to the registration page, would this stop people from being able to spam it from remote forms?
     
    killaklown, Nov 10, 2007 IP
  9. armatik

    armatik Peon

    Messages:
    27
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #29
    What is reCAPTCHA exactly, and what does it do?
     
    armatik, Nov 11, 2007 IP