Jump to content

$_GET

unknown1

By unknown1
in PHP Coding Help

 Share

Recommended Posts

unknown1 Member

unknown1

Posted
Posted

I am using $_GET[] values to run sql queries on my database and display results....

What I want to know it this safe to do so, if I am using PDO prepared statements, and binding the $_GET values with ids in my query...  addition I am escaping the values before they hit the browser.

Do I need to consider anything else to do this safely?

Link to comment
Share on other sites
jairathnem Newbie

jairathnem

Posted
Posted

$_GET[] sends the data directly in the URL, which means it is accessible by anyone viewing the page. The URL will look like index.php?id=123 . So if you send passwords it will be directly visible in the URL, which isn't safe. Also this page can be bookmarked and viewed again later.

 

$_POST[] does not show the sent data. hence it is used to send passwords and secure info. Although if a sniffer is used it too can be read.

Link to comment
Share on other sites
jairathnem Newbie

jairathnem

Posted
Posted

The headers beg to differ.

 

As long as you are escaping and typecasting the data then there shouldn't be any concerns with this method. However I wouldn't send data that is meant to be secured via this method.

My knowledge of PHP isn't that great.

 

Could you please explain the method to send it securely.

Link to comment
Share on other sites
doddsey_65 Advanced Member

doddsey_65

Posted
Posted

GET and POST are as secure as each other they are just different methods of sending data. GET sends it in the request header and POST sends it in the request body. 

 

If you really want to send data securely then have a look at SSL (HTTPS) or encrypt your data before sending it.

Link to comment
Share on other sites
jairathnem Newbie

jairathnem

Posted
Posted

GET and POST are as secure as each other they are just different methods of sending data. GET sends it in the request header and POST sends it in the request body. 

 

If you really want to send data securely then have a look at SSL (HTTPS) or encrypt your data before sending it.

Thanks!

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.