Is this safe?

Hi, can I ask if this is safe? I am passing a parameter in the URL like this.


   $mydata = json_encode($data);
   header("Location: http://www.mysite.com/receive.php?f=" . urlencode($mydata));

Thank you in advance.

What is your definition of safe?

It is safe; how you treat it in the end may be a different matter.

I am worried about an attack… I am not good enough at security…

What does receive.php do with the data? What is stored in the data?

Why is it that if I change the parameter in my URL… it raises an error or warning: “warning invalid supplied in (path) etc…”?
How can I keep the warning from showing…


   d={"name"%3A"Robert"}

Okay, your last statement didn’t make any sense to me at all, so can you rephrase that?

Are you asking why you get a warning if you change d= to f=? Or are you asking why you get a warning if you change d={"name"%3A"Robert"} to d={"filepath"%3A"./test.php"}?

Keep in mind after you use json_decode, you technically need to re-validate ALL of the data stored in that object/array. All/Any of it could have been changed by a user.

Hi cpradio, thank you for the reply… Okay, I think I got it now :)

Hi, can I ask again… is it possible for the data encoded by JSON to be encrypted in the URL?
Because in my URL it looks like this: receive.php?d={"name"%3A"Robert"};

You may want to look at base64_encode, which is what I really think you want, but that still falls under the same situation, you will still have to re-validate all of the data stored in your json related data before using it.

Hi cpradio, thank you for … You mean to escape the strings or to use htmlentities in revalidating the JSON… Please correct me if I am wrong.

Yes, plus validating anything else that may be stored in there, ensuring it is a valid integer and within the range you’d expect etc. If you store member id in there, you’d have to re-validate the user is who they say they are. As the user will be able to change that id (best if that is stored in Session).
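
One way receive.php could re-validate the decoded data along the lines of the replies above, without emitting warnings when the parameter has been tampered with. This is an added example, not code posted by anyone in the thread; the field names `name` and `qty`, their limits, and the session key `member_id` are assumptions.

```php
<?php
// Added example: hypothetical receive.php. Field names and limits are assumed.
declare(strict_types=1);
session_start();

/** Decode and validate the JSON from ?f=...; returns a clean array or null. */
function parse_payload(?string $raw): ?array
{
    if ($raw === null || strlen($raw) > 2048) {
        return null;                          // missing or oversized parameter
    }
    $data = json_decode($raw, true, 4);       // assoc arrays, shallow nesting limit
    if (!is_array($data) || json_last_error() !== JSON_ERROR_NONE) {
        return null;                          // tampered or invalid JSON: no warning later
    }
    // Allow-list: exactly the expected keys, nothing extra (e.g. "filepath").
    $allowed = ['name', 'qty'];
    if (array_diff(array_keys($data), $allowed) || count($data) !== count($allowed)) {
        return null;
    }
    // Type and format checks on every field.
    if (!is_string($data['name'])
        || !preg_match('/^[\p{L} \'-]{1,50}\z/u', $data['name'])) {
        return null;
    }
    if (!is_int($data['qty']) || $data['qty'] < 1 || $data['qty'] > 100) {
        return null;                          // must be an integer in the expected range
    }
    return ['name' => $data['name'], 'qty' => $data['qty']];
}

// $_GET values are already URL-decoded; f[]=x would arrive as an array.
$raw = $_GET['f'] ?? null;
$payload = parse_payload(is_string($raw) ? $raw : null);
if ($payload === null) {
    http_response_code(400);
    exit('Bad request');
}

// Identity comes from the server-side session, never from the URL.
$memberId = $_SESSION['member_id'] ?? null;
if (!is_int($memberId)) {
    http_response_code(403);
    exit('Not logged in');
}

// Escape at output time, for the HTML context.
echo 'Hello, ' . htmlspecialchars($payload['name'], ENT_QUOTES, 'UTF-8')
   . ' (qty ' . $payload['qty'] . ')';
```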

Thank you again :)