Solved

HTTP_REFERER storing in mysql

Posted on 2007-03-27
3
360 Views
Last Modified: 2013-12-13
hi,

How do need to / how do i   validate HTTP_REFERER?
is it safe to store HTTP_REFERER in mysql using only mysql_real_escape_string?

I want to store the referer into my database.  is this safe enough?
$referer                =   getenv(HTTP_REFERER);
$sql    =   sprintf("INSERT INTO referer_table(`referer_id`, `referer`) VALUES('', '%s') ",
                                                    mysql_real_escape_string($referer));

Concerned about SQL injection.


0
Comment
Question by:ussher
3 Comments
 
LVL 35

Expert Comment

by:Raynard7
ID: 18805537
Hi,

headers can be forged, to be on the safe side I would be escaping this value - or at least using htmlentities.
0
 
LVL 48

Accepted Solution

by:
hernst42 earned 125 total points
ID: 18809954
Your statement is SQL-injection safe due to the mysql_real_escape_string (yes it's sufficient). If you display values from that table make sure to escape/quote the values correctly you display.
0
 
LVL 1

Author Comment

by:ussher
ID: 18813320
Thank you both.

I had read in different places that the headers can be forged and that is what was causing my concern.

cheers.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now