Jump to content

Recommended Posts

I am using $_GET[] values to run sql queries on my database and display results....

What I want to know it this safe to do so, if I am using PDO prepared statements, and binding the $_GET values with ids in my query...  addition I am escaping the values before they hit the browser.

Do I need to consider anything else to do this safely?

Link to comment
https://forums.phpfreaks.com/topic/286251-_get/
Share on other sites

$_GET[] sends the data directly in the URL, which means it is accessible by anyone viewing the page. The URL will look like index.php?id=123 . So if you send passwords it will be directly visible in the URL, which isn't safe. Also this page can be bookmarked and viewed again later.

 

$_POST[] does not show the sent data. hence it is used to send passwords and secure info. Although if a sniffer is used it too can be read.

Link to comment
https://forums.phpfreaks.com/topic/286251-_get/#findComment-1469212
Share on other sites

 

 

$_POST[] does not show the sent data

The headers beg to differ.

 

As long as you are escaping and typecasting the data then there shouldn't be any concerns with this method. However I wouldn't send data that is meant to be secured via this method.

Link to comment
https://forums.phpfreaks.com/topic/286251-_get/#findComment-1469215
Share on other sites

The headers beg to differ.

 

As long as you are escaping and typecasting the data then there shouldn't be any concerns with this method. However I wouldn't send data that is meant to be secured via this method.

My knowledge of PHP isn't that great.

 

Could you please explain the method to send it securely.

Link to comment
https://forums.phpfreaks.com/topic/286251-_get/#findComment-1469217
Share on other sites

GET and POST are as secure as each other they are just different methods of sending data. GET sends it in the request header and POST sends it in the request body. 

 

If you really want to send data securely then have a look at SSL (HTTPS) or encrypt your data before sending it.

Link to comment
https://forums.phpfreaks.com/topic/286251-_get/#findComment-1469218
Share on other sites

GET and POST are as secure as each other they are just different methods of sending data. GET sends it in the request header and POST sends it in the request body. 

 

If you really want to send data securely then have a look at SSL (HTTPS) or encrypt your data before sending it.

Thanks!

Link to comment
https://forums.phpfreaks.com/topic/286251-_get/#findComment-1469255
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.