  1. #1
    SitePoint Zealot imagize

    $_SERVER['QUERY_STRING']

    I would just like to ask some people about $_SERVER['QUERY_STRING']. Does it have security flaws or any concerns I need to be aware of? Is it safer to use $_GET instead of $_SERVER['QUERY_STRING']?

  2. #2
    SitePoint Wizard mark_W
    I'm not sure about the security of either.

    Just that if you have a particular value you want to grab from a URL then you should use $_GET; if you just want to grab the whole query then use $_SERVER['QUERY_STRING']. But then again, I suppose that was pretty obvious.

    Mark

  3. #3
    SitePoint Zealot imagize
    Thanks for your reply, Mark. I agree. As long as there are no security issues, I believe

    example.com/?page

    looks better than

    example.com/?act=page

  4. #4
    Obey the Purebreed trib4lmaniac
    There's always mod_rewrite if you want pretty URLs.

  5. #5
    Non-Member Icheb
    What kind of "security issues" should there be? You get what you ask for, in this case the query string. There is nothing that prevents SQL injection attacks or cross-site scripting attacks from happening when you use either; you have to escape the strings yourself.

  6. #6
    Obsessive designer Infizi
    Get safe, use clever $_POST, or mod_rewrite (in .htaccess files)

  7. #7
    Non-Member Icheb
    $_POST or mod_rewrite *itself* is not any more secure or insecure than $_GET or $_SERVER. It's what you do with the data you receive that makes your *application* more secure or insecure.
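
The point made in the replies above, as an added example that is not part of the original thread: routing on the bare query string (example.com/?page) and handling the value safely at each place it is used. The page names, the `pages` table and the helper names are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example, not code from the thread. All names below are hypothetical.
declare(strict_types=1);

const PAGES = ['home', 'about', 'contact']; // allow-list of routable pages

// Map a raw query string (example.com/?about) to a known page.
// $_SERVER['QUERY_STRING'] is NOT URL-decoded, unlike the values in $_GET,
// so decode it first and then compare strictly against the allow-list.
function resolve_page(string $rawQuery): string
{
    $candidate = urldecode($rawQuery);
    return in_array($candidate, PAGES, true) ? $candidate : 'home';
}

// Escape for an HTML context at the point of output.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Bind the value as a parameter; never concatenate it into the SQL text.
function page_title(PDO $db, string $page): ?string
{
    $stmt = $db->prepare('SELECT title FROM pages WHERE slug = :slug');
    $stmt->execute([':slug' => $page]);
    $title = $stmt->fetchColumn();
    return $title === false ? null : (string) $title;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (slug TEXT PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO pages VALUES ('home', 'Home'), ('about', 'About us')");

// Constructed inputs standing in for $_SERVER['QUERY_STRING'].
$samples = ['about', 'ab%6fut', "about' OR '1'='1", '<script>alert(1)</script>', ''];
foreach ($samples as $raw) {
    $page  = resolve_page($raw);
    $title = page_title($db, $page) ?? 'Untitled';
    printf("raw=%s -> page=%s title=%s\n", h($raw), h($page), h($title));
}
```

In a real request the input would be `$_SERVER['QUERY_STRING'] ?? ''`; the same three steps (allow-list, bound parameters, output escaping) apply unchanged to values read from $_GET or $_POST.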

