Solved

HTTP_REFERER storing in mysql

Posted on 2007-03-27
3
366 Views
Last Modified: 2013-12-13
hi,

How do need to / how do i   validate HTTP_REFERER?
is it safe to store HTTP_REFERER in mysql using only mysql_real_escape_string?

I want to store the referer into my database.  is this safe enough?
$referer                =   getenv(HTTP_REFERER);
$sql    =   sprintf("INSERT INTO referer_table(`referer_id`, `referer`) VALUES('', '%s') ",
                                                    mysql_real_escape_string($referer));

Concerned about SQL injection.


0
Comment
Question by:ussher
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 35

Expert Comment

by:Raynard7
ID: 18805537
Hi,

headers can be forged, to be on the safe side I would be escaping this value - or at least using htmlentities.
0
 
LVL 48

Accepted Solution

by:
hernst42 earned 125 total points
ID: 18809954
Your statement is SQL-injection safe due to the mysql_real_escape_string (yes it's sufficient). If you display values from that table make sure to escape/quote the values correctly you display.
0
 
LVL 1

Author Comment

by:ussher
ID: 18813320
Thank you both.

I had read in different places that the headers can be forged and that is what was causing my concern.

cheers.
0

Featured Post

WordPress Tutorial 1: Installation & Setup

WordPress is a very popular option for running your web site and can be used to get your content online quickly for the world to see. This guide will walk you through installing the WordPress server software and the initial setup process.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question