Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

HTTP_REFERER storing in mysql

Posted on 2007-03-27
3
362 Views
Last Modified: 2013-12-13
hi,

How do need to / how do i   validate HTTP_REFERER?
is it safe to store HTTP_REFERER in mysql using only mysql_real_escape_string?

I want to store the referer into my database.  is this safe enough?
$referer                =   getenv(HTTP_REFERER);
$sql    =   sprintf("INSERT INTO referer_table(`referer_id`, `referer`) VALUES('', '%s') ",
                                                    mysql_real_escape_string($referer));

Concerned about SQL injection.


0
Comment
Question by:ussher
3 Comments
 
LVL 35

Expert Comment

by:Raynard7
ID: 18805537
Hi,

headers can be forged, to be on the safe side I would be escaping this value - or at least using htmlentities.
0
 
LVL 48

Accepted Solution

by:
hernst42 earned 125 total points
ID: 18809954
Your statement is SQL-injection safe due to the mysql_real_escape_string (yes it's sufficient). If you display values from that table make sure to escape/quote the values correctly you display.
0
 
LVL 1

Author Comment

by:ussher
ID: 18813320
Thank you both.

I had read in different places that the headers can be forged and that is what was causing my concern.

cheers.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question