
Is calling php scripts through the browser "healthy"?


algorithm


What do you mean by 'accessing'? Most php scripts send queries to mysql and print output in some way. If you are talking about a script that lets you type SQL queries in the browser and executes them, you certainly need a degree of protection, of course. The simplest way would be to add another text field (you need one to type the query in), call it 'password' or something, and put in an if clause to check if it matches.

regards,

Goat


I would say it's bad mojo. While passing variables in the URL has its place, I'm reluctant to pass variable names through the URL (e.g. GET variables) because it gives away some of the information needed if someone did want to try to start hacking a script. If you start revealing SQL info, such as table and column names, that's just inviting someone to poke around and see what info they can mine.

My personal advice is to pass most stuff through POST. At the very least, obfuscate your variable names and don't use the same variable name as a SQL column name if you're passing data through GET.

GET is convenient, as you can create links with the data in the URL. POST is safer as you're not shoving the data in their face. One of my early php projects was to create a library for all my DVDs. That stuff I send through GET, because I don't care if someone hacks my DVD database. All it really does is alphabetize them and tell me what binder they should be in and in what order. I can search by actor, director, etc., and see what other movies I have with that person--that sort of basic stuff.

My tech services page, however, is all POST. I'm not about to invite someone to start replacing customer IDs in the URL and see what they can come up with, even if I do a login security check at the page load.

That's my $.02.

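The concern raised in the post above, a logged-in user replacing the customer ID in the URL, shown in working PHP as an added example; this is not code from either poster. Everything in it is an assumption made for illustration: the `customers` table and its columns, the in-memory SQLite database standing in for MySQL, and the `$request`/`$session` arrays standing in for `$_GET`/`$_POST` and `$_SESSION`. The first function is the pattern the thread is worried about; the second is a hardened version of the same page.

```php
<?php
declare(strict_types=1);

// Added example for this thread, not any poster's code. Table name, columns,
// the in-memory SQLite database and the simulated request/session are all
// assumptions for illustration.

// Vulnerable: the id is taken straight from the request and pasted into SQL.
// Any logged-in user can walk ?id=1,2,3,... through other people's records,
// and a value like "0 OR 1=1" rewrites the query (SQL injection).
function showCustomerVulnerable(PDO $pdo, array $get): array
{
    $id  = $get['id'];
    $sql = "SELECT id, name, email FROM customers WHERE id = $id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: require a session, validate the id, bind it as a parameter, and
// only return the row if it belongs to the logged-in user.
function showCustomerHardened(PDO $pdo, array $request, array $session): ?array
{
    if (empty($session['user_id'])) {
        return null; // not logged in (a real page would send 401 / redirect)
    }
    $id = filter_var($request['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // malformed id (a real page would send 400)
    }
    $stmt = $pdo->prepare(
        'SELECT id, name, email FROM customers WHERE id = :id AND owner_user_id = :owner'
    );
    $stmt->execute([':id' => $id, ':owner' => (int) $session['user_id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row; // null: not found or not yours (404)
}

// Escape before echoing so a stored name such as "<script>" cannot run in the browser.
function renderCustomer(?array $row): string
{
    if ($row === null) {
        return '<p>Not found</p>';
    }
    return '<p>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8')
        . ' &lt;' . htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8') . '&gt;</p>';
}

// --- Demo with constructed data (in-memory SQLite, no server needed) ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, owner_user_id INTEGER, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO customers VALUES (1, 1, 'Alice', 'alice@example.com'),
                                         (2, 2, 'Bob',   'bob@example.com')");

$session = ['user_id' => 1]; // stand-in for $_SESSION after a successful login

// Logged-in user 1 edits the URL to ?id=2, which is someone else's customer:
print_r(showCustomerVulnerable($pdo, ['id' => '2']));            // leaks Bob
var_dump(showCustomerHardened($pdo, ['id' => '2'], $session));   // NULL

// The same user tries ?id=0%20OR%201=1:
print_r(showCustomerVulnerable($pdo, ['id' => '0 OR 1=1']));     // dumps every row
var_dump(showCustomerHardened($pdo, ['id' => '0 OR 1=1'], $session)); // NULL, rejected

// Their own record still works:
echo renderCustomer(showCustomerHardened($pdo, ['id' => '1'], $session)), "\n";
```

The work in the hardened version is done by the bound parameter (no string is built from the id) and the `owner_user_id = :owner` condition (the login check alone says who you are, not which rows you may see). Both are applied the same way whether the id arrives in the query string or in a POST body, so the function can be called with either array.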
