ohdang888 Posted March 7, 2008 Share Posted March 7, 2008 do i need to protect myself from injections if i grab info from a database(which in this case if just an auto-increment user id, and cannot be any text, only numbers) and put it into a session????? Link to comment https://forums.phpfreaks.com/topic/94836-injections-through-sessions/ Share on other sites More sharing options...
phpSensei Posted March 7, 2008 Share Posted March 7, 2008 Yes why not. Link to comment https://forums.phpfreaks.com/topic/94836-injections-through-sessions/#findComment-485785 Share on other sites More sharing options...
ohdang888 Posted March 7, 2008 Author Share Posted March 7, 2008 well i was thinking that if that info was already cleaned up before it went into the database, when i draw it from the database there is no need to clean it anymore. Link to comment https://forums.phpfreaks.com/topic/94836-injections-through-sessions/#findComment-485805 Share on other sites More sharing options...
rameshfaj Posted March 7, 2008 Share Posted March 7, 2008 i think why do you need to take the value from the database and put it in the session,again it is the autoincreament field,that will be managed by the database when u insert data into the database. Any way if you are retrieving some values from db and putting it in the session for certain usage,then you need to clean it when the user logs out.I think it will simply be difficult to inject only getting the session values. Link to comment https://forums.phpfreaks.com/topic/94836-injections-through-sessions/#findComment-485886 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.