unknown1 Posted February 17, 2014 Share Posted February 17, 2014 I am using $_GET[] values to run sql queries on my database and display results.... What I want to know it this safe to do so, if I am using PDO prepared statements, and binding the $_GET values with ids in my query... addition I am escaping the values before they hit the browser. Do I need to consider anything else to do this safely? Quote Link to comment https://forums.phpfreaks.com/topic/286251-_get/ Share on other sites More sharing options...
jairathnem Posted February 17, 2014 Share Posted February 17, 2014 $_GET[] sends the data directly in the URL, which means it is accessible by anyone viewing the page. The URL will look like index.php?id=123 . So if you send passwords it will be directly visible in the URL, which isn't safe. Also this page can be bookmarked and viewed again later. $_POST[] does not show the sent data. hence it is used to send passwords and secure info. Although if a sniffer is used it too can be read. Quote Link to comment https://forums.phpfreaks.com/topic/286251-_get/#findComment-1469212 Share on other sites More sharing options...
doddsey_65 Posted February 17, 2014 Share Posted February 17, 2014 $_POST[] does not show the sent data The headers beg to differ. As long as you are escaping and typecasting the data then there shouldn't be any concerns with this method. However I wouldn't send data that is meant to be secured via this method. Quote Link to comment https://forums.phpfreaks.com/topic/286251-_get/#findComment-1469215 Share on other sites More sharing options...
jairathnem Posted February 17, 2014 Share Posted February 17, 2014 The headers beg to differ. As long as you are escaping and typecasting the data then there shouldn't be any concerns with this method. However I wouldn't send data that is meant to be secured via this method. My knowledge of PHP isn't that great. Could you please explain the method to send it securely. Quote Link to comment https://forums.phpfreaks.com/topic/286251-_get/#findComment-1469217 Share on other sites More sharing options...
doddsey_65 Posted February 17, 2014 Share Posted February 17, 2014 GET and POST are as secure as each other they are just different methods of sending data. GET sends it in the request header and POST sends it in the request body. If you really want to send data securely then have a look at SSL (HTTPS) or encrypt your data before sending it. Quote Link to comment https://forums.phpfreaks.com/topic/286251-_get/#findComment-1469218 Share on other sites More sharing options...
jairathnem Posted February 17, 2014 Share Posted February 17, 2014 GET and POST are as secure as each other they are just different methods of sending data. GET sends it in the request header and POST sends it in the request body. If you really want to send data securely then have a look at SSL (HTTPS) or encrypt your data before sending it. Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/286251-_get/#findComment-1469255 Share on other sites More sharing options...
appricart Posted February 17, 2014 Share Posted February 17, 2014 $_POST is safe and $_GET transfer value and show values in url address bar.. Quote Link to comment https://forums.phpfreaks.com/topic/286251-_get/#findComment-1469276 Share on other sites More sharing options...
doddsey_65 Posted February 17, 2014 Share Posted February 17, 2014 You can see the values of both POST and GET requests, neither is safer than the other. Quote Link to comment https://forums.phpfreaks.com/topic/286251-_get/#findComment-1469280 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.