  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 370

HTTP_REFERER storing in mysql

Hi,

How do I need to / how do I validate HTTP_REFERER?
Is it safe to store HTTP_REFERER in MySQL using only mysql_real_escape_string?

I want to store the referer into my database. Is this safe enough?

// Read the Referer request header (client-supplied value)
$referer = getenv('HTTP_REFERER');
// Escape the value for use inside a quoted SQL string literal
$sql = sprintf("INSERT INTO referer_table(`referer_id`, `referer`) VALUES('', '%s')",
               mysql_real_escape_string($referer));

Concerned about SQL injection.


Asked by: ussher

Raynard7 commented:
Hi,

Headers can be forged. To be on the safe side I would be escaping this value - or at least using htmlentities.

hernst42 commented:
Your statement is SQL-injection safe due to the mysql_real_escape_string (yes, it's sufficient). If you display values from that table, make sure to correctly escape/quote the values you display.

ussher (author) commented:
Thank you both.

I had read in different places that the headers can be forged and that is what was causing my concern.

cheers.
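
The two points raised in the replies (escape on the way into SQL, escape again on the way out to HTML) can be shown together in one script. This is an added example, not code from the thread: it uses PDO prepared statements in place of mysql_real_escape_string, an in-memory SQLite database as a stand-in for MySQL so it runs offline, and the function names, the length cap and the sample header value are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so the script runs offline; with a mysql: DSN the PDO calls are the
// same. Table and column names follow the question.
declare(strict_types=1);

const MAX_REFERER_LEN = 2048; // assumed cap; match it to the column size

function normalizeReferer(?string $raw): ?string
{
    if ($raw === null || $raw === '') {
        return null;                       // header absent: store NULL
    }
    // Drop control characters and bound the length. The value is
    // client-supplied and stays untrusted text after this step.
    $value = (string) preg_replace('/[\x00-\x1F\x7F]/', '', $raw);
    return substr($value, 0, MAX_REFERER_LEN);
}

function storeReferer(PDO $db, ?string $raw): int
{
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $db->prepare('INSERT INTO referer_table (referer) VALUES (:referer)');
    $stmt->execute([':referer' => normalizeReferer($raw)]);
    return (int) $db->lastInsertId();
}

function renderReferer(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT referer FROM referer_table WHERE referer_id = :id');
    $stmt->execute([':id' => $id]);
    // Escape at output time, for the HTML context the value is shown in.
    return htmlspecialchars((string) $stmt->fetchColumn(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE referer_table (referer_id INTEGER PRIMARY KEY AUTOINCREMENT, referer TEXT)');

// Constructed sample of a forged header; in a real request this would be
// $_SERVER['HTTP_REFERER'] ?? null.
$forged = "http://example.test/?q='); DROP TABLE referer_table; --<script>alert(1)</script>";

$id = storeReferer($db, $forged);
echo renderReferer($db, $id), PHP_EOL;   // stored text, HTML-escaped for display
echo 'rows: ', $db->query('SELECT COUNT(*) FROM referer_table')->fetchColumn(), PHP_EOL;
```

The row is stored exactly as received, and the markup characters are only neutralized when the value is rendered, so the same stored value can later be escaped differently for other output contexts.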