?
Solved

HTTP_REFERER storing in mysql

Posted on 2007-03-27
3
Medium Priority
?
367 Views
Last Modified: 2013-12-13
hi,

How do need to / how do i   validate HTTP_REFERER?
is it safe to store HTTP_REFERER in mysql using only mysql_real_escape_string?

I want to store the referer into my database.  is this safe enough?
$referer                =   getenv(HTTP_REFERER);
$sql    =   sprintf("INSERT INTO referer_table(`referer_id`, `referer`) VALUES('', '%s') ",
                                                    mysql_real_escape_string($referer));

Concerned about SQL injection.


0
Comment
Question by:ussher
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 35

Expert Comment

by:Raynard7
ID: 18805537
Hi,

headers can be forged, to be on the safe side I would be escaping this value - or at least using htmlentities.
0
 
LVL 48

Accepted Solution

by:
hernst42 earned 500 total points
ID: 18809954
Your statement is SQL-injection safe due to the mysql_real_escape_string (yes it's sufficient). If you display values from that table make sure to escape/quote the values correctly you display.
0
 
LVL 1

Author Comment

by:ussher
ID: 18813320
Thank you both.

I had read in different places that the headers can be forged and that is what was causing my concern.

cheers.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to count occurrences of each item in an array.
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question