Is It Safe To Store A Value In A Session Variable And Make Queries On The Value

Feb 16, 2011

I have a site where the username is stored in a session variable when the user is logged in. I am wondering: is it safe to make queries off of the value stored in this session variable?

View 5 Replies


Make PDO Select Queries HTML Safe?

I'm new to PDO and just started using it. I have already inserted, updated and deleted data using it, and it's very simple to use the basics.

In a test environment I inserted some HTML codes to the database. Like:

<a href="">Google</a>
<b>Bold text</b>
<u>Underlined text</u>

I'm trying this out, because I'm using a simple WYSIWYG editor on my site for the users and I want to be sure the data is safe.

Using the following:

$stmt = $dbh->prepare("SELECT * FROM naruto WHERE id = :id AND name = :name");
/*** bind the parameters ***/
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->bindParam(':name', $name, PDO::PARAM_STR, 5); // the length argument only matters for INOUT parameters of stored procedures
$stmt->execute();


Where name is one of the different HTML codes, the HTML is just executed. So the text is bold, and not shown in the format <b>text</b>.

I'm wondering if there is a function for PDO to stop this. Or do I just need to use htmlentities and strip_tags?

View 2 Replies

Is It Safe To Store User_id In Session?

What I was wondering is how safe it is to store user_id or username or anything like that in session. I usually store a bunch of info in a session so I do not need to search the database all the time. However, is it easy to change a value after being logged in?

For example:

- A user logs in ...

View 11 Replies
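The two session questions above ("is it safe to make queries on the username stored in the session" and "can a user change user_id after logging in") come down to the same point: the browser only holds the session id cookie, while $_SESSION lives on the server, so a logged-in user cannot edit the stored user_id directly. What they can do is steal the id, or pre-set it before login (fixation). The following is an added example, not code from either thread: a small set of session helpers that close those two holes, plus a lookup that still binds the session value as a parameter. It assumes PHP 7.3 or newer for the array form of session_set_cookie_params() and setcookie(), an HTTPS site for the secure flag, and a users table with id, username and email columns.

```php
<?php
declare(strict_types=1);

function startSecureSession(): void
{
    ini_set('session.use_strict_mode', '1');   // refuse ids the server never issued (defeats fixation)
    ini_set('session.use_only_cookies', '1');  // never accept the id from the URL
    session_set_cookie_params([
        'lifetime' => 0,                       // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,                    // assumption: the site is served over HTTPS only
        'httponly' => true,                    // script in the page cannot read the cookie
        'samesite' => 'Strict',
    ]);
    session_start();
}

// Call only after the credentials have been verified (e.g. with password_verify()).
function loginUser(int $userId): void
{
    $_SESSION = [];                            // discard anything pre-seeded under the old id
    session_regenerate_id(true);               // new id on privilege change; old id is deleted server-side
    $_SESSION['user_id']    = $userId;
    $_SESSION['login_time'] = time();
}

// Re-validate what comes out of the session: it is trusted storage, not trusted input,
// and some other code path may have written a different type under the same key.
function currentUserId(): ?int
{
    $id = $_SESSION['user_id'] ?? null;
    return (is_int($id) && $id > 0) ? $id : null;
}

function logoutUser(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [        // expire the cookie on the client as well
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();
}

// Querying on the session value: still bind it. Coming from the server side does not
// make it SQL, and a bound parameter costs nothing.
function loadProfile(PDO $dbh): ?array
{
    $id = currentUserId();
    if ($id === null) {
        return null;                           // not logged in
    }
    $stmt = $dbh->prepare('SELECT id, username, email FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}
```

startSecureSession() has to run at the top of every page, before any output, in place of a bare session_start(); loginUser() is called from the login handler once the password check has passed, and loadProfile() is the pattern for every query that keys on the logged-in user. Store the numeric user_id rather than the username: it is what the rest of the schema references, and it does not change when a user renames their account.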

Jquery .post Used To Store Session Variable - Avoid Refresh To Call Session Value?

I am using jQuery's .post Ajax call to pull a form input value and pass it to a PHP file that starts a session and stores the value in it. The session value is then called on a different page. The problem is, this all takes place without a page refresh, so the session value is always one page refresh behind. I.e.

the first time the session value is called it is blank, but after a refresh the value is loaded with the initial input value. When refreshing again, the session's second value is pulled. So, the session value is never current... it is one behind. How can I make it so the PHP session variable is current without needing to do a refresh?

View 3 Replies

Create Session Then Store A Session Variable

I use the following code to create a session, then store a session variable called query, and then redirect to another page called insertaccount.php where I wish to use the session value query. When I get to insertaccount.php the session variable query does not exist. Can anyone tell me why this is?

session_start(); // must be called on every page that reads or writes $_SESSION, before any output
$_SESSION['query'] = $query;

$sql_query = $_SESSION['query'];

View 1 Replies

Store A Variable Available To Every Session?

I wanted to know what would be a good way of storing the information required by something like a hit counter. I was wondering if this was possible using some session-like technique, but available to everyone. I am concerned about speed/performance, and not memory usage, since the data to be stored is minimal.

View 2 Replies

How To Store Session Value In A Variable?

Is this the right way to extract and store the session variable value?

$memid = mysql_real_escape_string($_SESSION['SESS_MID']);

View 2 Replies

Safe MySQL Queries

After realising how easy it is for a malicious user to inject an SQL query into a parameter for a query, e.g.:

$query = "SELECT name FROM employees WHERE ID = ".$HTTP_GET_VARS['id'];

And the user enters for the query string: mypage.php?id=1 UNION DISTINCT....

I'm trying to work out what level of protection is needed. As far as I can see, for integer values I should just validate that a numeral has been entered, and for text the addslashes() or mysql_escape_string() functions are enough. Am I right in saying this?

View 4 Replies

Writing Safe SQL Queries?

Writing safe SQL queries, e.g. single quotes, double quotes, etc. What's the best practice?

View 17 Replies

Failing To Store Value Of Session Variable!

When I try to register a session variable by, for example:
$value = "foo";

It doesn't want to be registered. I have tried to access it by:

The session file that is created when I start the session looks like this:

It seems like it doesn't want to register the value.

View 2 Replies

Store Cart Variable In Session?

I want to store a cart variable in session. What is the correct way to encrypt, decrypt or hash it?

View 3 Replies

Safe Insert Queries For Mysql ?

I was wondering the following: when I insert something into a MySQL DB, in a guestbook for instance, I mostly use mysql_escape_string($_POST['comment']). Now I've seen mysql_real_escape_string, and I was wondering if there's a big difference between them, but most of all, I was wondering if addslashes() is safe enough, because I noticed that stripslashes() doesn't strip all mysql_escape_string slashes, but does strip all addslashes() ones... :-s

I know there's something called MySQL injection, and if I got it correctly, that would mean executing queries e.g. by submitting a " and then a query... Of course I want to prevent this.

View 3 Replies
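The three SQL threads above ("Safe MySQL Queries", "Writing Safe SQL Queries?" and "Safe Insert Queries For Mysql?") all ask whether validation plus addslashes()/mysql_escape_string() is enough. The following is an added example, not code from any of the posts: the id=1 UNION ... injection from the first thread run against a constructed table, next to the hardened form that validates the integer and binds both integer and string inputs as parameters. It uses PDO with an in-memory SQLite database so it runs offline; against MySQL only the DSN and credentials change, and the table and rows are made up for the demo.

```php
<?php
declare(strict_types=1);

// Constructed demo data.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT NOT NULL, secret TEXT NOT NULL)');
$dbh->exec("INSERT INTO employees (id, name, secret) VALUES (1, 'alice', 'alice-secret'), (2, 'bob', 'bob-secret')");

// Vulnerable: the pattern from the post. The request parameter becomes part of the SQL text.
function nameByIdVulnerable(PDO $dbh, string $id): array
{
    $query = "SELECT name FROM employees WHERE id = " . $id;
    return $dbh->query($query)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened, integer case: validate the type, then bind. The value travels as data and is
// never spliced into the statement, so "1 UNION ..." is rejected simply for not being an integer.
function nameById(PDO $dbh, string $id): array
{
    $int = filter_var($id, FILTER_VALIDATE_INT);
    if ($int === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $dbh->prepare('SELECT name FROM employees WHERE id = :id');
    $stmt->bindValue(':id', $int, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened, string case: no addslashes(), no hand-written quotes. Quoting is the driver's job,
// and with a real prepared statement the connection charset cannot be abused either (the
// multibyte problem that mysql_real_escape_string() exists to address).
function idByName(PDO $dbh, string $name): ?int
{
    $stmt = $dbh->prepare('SELECT id FROM employees WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// mypage.php?id=1 UNION ... as in the post. The payload contains no quote character at all,
// so addslashes() or mysql_escape_string() would have passed it through unchanged.
$payload = '1 UNION SELECT secret FROM employees';

echo "vulnerable:\n";
print_r(nameByIdVulnerable($dbh, $payload));   // the UNION appends every row's secret to the result set

echo "hardened, same payload:\n";
try {
    nameById($dbh, $payload);
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}

echo "hardened, legitimate input:\n";
print_r(nameById($dbh, '1'));

echo "quote inside a bound string is data, not syntax:\n";
var_dump(idByName($dbh, "' OR '1'='1"));       // null: no row has that literal name
```

The integer validation and the parameter binding do different jobs: filter_var() keeps garbage out of the application, the bound parameter keeps whatever does get through out of the SQL. Escaping functions only ever handled the second job, and only for the quoted-string case; an unquoted integer column, as in the post, was never protected by them at all. The same binding applies to a value read back from $_SESSION.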

Store Form Data As Session Variable?

So I was wondering if it would be possible to store data coming in from a form as a session variable. Here's what I have so far, but I don't know what to put for the Form Action.

<?php
session_start(); // must run before any output on every page that uses $_SESSION
if (isset($_POST['Submit'])) {
    $_SESSION['picturenum'] = $_POST['picturenum']; // the superglobal is $_SESSION (case-sensitive); $_session is just an ordinary empty variable
}
?>
<strong>Test Form</strong>
<form action="" method="post"> <!-- an empty action posts back to this same script -->
<input type="text" name="picturenum"/>
<input type="submit" name="Submit" value="Submit!" />
</form>
<strong><?php echo htmlspecialchars($_SESSION['picturenum'] ?? '', ENT_QUOTES, 'UTF-8'); ?></strong>

View 4 Replies

Can't Store A Class Instance As A SESSION Variable

I have a PHP script that is called in 2 ways from a Dojo Ajax xhrGet call. The first time it is called with an "init" argument which causes the script to create an instance of the StateList class and read in a file of state names.



However, the getSize() method is never executed, nor can I call any other method on the reconstituted StateList class instance. Note that this is one PHP script that DOES include the class definition at the top, and thus the class methods should be known and available.

View 5 Replies

Make A Function Read From A Txt File And Store Random Lines In A Variable?

How do you make a function read from a txt file and store random lines in a variable? It will be run over and over in a foreach loop. The language is PHP.

View 3 Replies

Xml - Use Global Variable And Store Xml Type Object In Session?

I have some problem with PHP global variable usage. I searched StackOverflow, but nothing is like mine (at least I didn't find anything). I have 2 PHP pages, index.php and account.php. index.php calls account.php by Ajax. account.php must receive some XML data from another URL and store it. After that index.php must use it.

on index.php:

var dataString = 'user='+ $("#login-name").val() + '&pass=' + $("#login-pass").val();


How can I pass $xml into index.php? My question is more like "How can I store an XML type object in session?", because currently I am using the session to store data. In the case of string data it is working okay with the line below:

$_SESSION['user_name'] = (string)$xml->request->username;

If I remove (string) from it, it gives an error like: Fatal error: Exception thrown without a stack frame in Unknown on line 0. But I need to pass the object, not a string.

View 2 Replies

Is It Faster To Recreate An Object Or Store It In A Session Variable

Recreate an object instance each time someone goes to a page during a session, or store the object instance in a session variable when it first gets created, then always grab it from there when the page is accessed again? I'm not sure if this will turn out to be a "How long is a piece of string?"

View 5 Replies

Store And Recall The Last Radio Button Clicked In A Session Variable?

I'm trying to figure out the best way to display text based on which radio button a user has clicked. I am having trouble using sessions to do this. When I use the following code, only the information related to the radio button that was first clicked is displayed (e.g., if someone clicks on radio button "A," then changes his mind and clicks on radio button "B," the session seems to think "A" is still clicked). Here's the HTML:

<div class="radio">
<label for="choice1">Choice 1</label>
<input class="selection" id="choice1" type="radio" name="selection" value="choice1"/>
</div>


View 1 Replies

Online Order System Looping And Store Each Checked Off Item As A Session Variable?

I am designing an online ordering system for a restaurant. I have a menu with check boxes by each item where the customer can select which items they desire. The menu is located at ... The problem is that when the order is processed I need it to store each checked-off item as a session variable. In the following code, it only selects the first item checked and not the rest if there is more than one.

foreach ($item as $itemname) {
    $query = mysql_query("SELECT * FROM `menu` WHERE title = '$itemname'"); // $query is overwritten on every iteration
}


View 3 Replies

Safe To Store XHTML Code In A Database?

Is it safe to store XHTML code in a database? What I usually do is store XHTML in the database and then just use htmlspecialchars() when outputting it on the website.

View 7 Replies
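Both "Make PDO Select Queries HTML Safe?" and "Safe To Store XHTML Code In A Database?" are asking about the same boundary. Prepared statements protect the database, not the browser: a bound value is stored exactly as submitted, and whether it renders as markup is decided only when it is written into a page. Storing the markup raw and encoding on output, as the second post does, is the right default; the first post needs one step more, because a WYSIWYG editor's output is meant to render, so the allowed subset has to be kept and everything else removed. The following is an added example, not code from either thread or from PDO: a round trip through a constructed table with the bound-value insert from the first post, then the stored string rendered three ways (raw, escaped, sanitised). The allowlist of tags is an assumption about what the editor produces; the table name naruto and the hostile sample input are constructed for the demo, and the database is in-memory SQLite so the example runs offline.

```php
<?php
declare(strict_types=1);

// Assumption: the tags the WYSIWYG editor is expected to emit.
const ALLOWED_TAGS = ['b', 'i', 'u', 'strong', 'em', 'p', 'br', 'a'];

// Escaping: the stored string is shown as text. Tags are visible; nothing renders or runs.
function escapeForHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Sanitising: parse, keep only allowlisted elements, and strip every attribute except an
// http(s) href on <a>. Other elements are unwrapped (their text kept); script/style are dropped.
function sanitizeHtml(string $html): string
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);                   // tag soup is expected; do not warn
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>',
        LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);          // no implied <html><body>, no doctype
    libxml_use_internal_errors($prev);
    $root = $doc->documentElement;                              // the wrapper <div>
    cleanChildren($root);
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);                         // re-serialise only the wrapper's content
    }
    return $out;
}

function cleanChildren(DOMNode $node): void
{
    // Work on a snapshot: the live childNodes list changes as nodes are moved or removed.
    foreach (iterator_to_array($node->childNodes, false) as $child) {
        if ($child instanceof DOMText) {
            continue;                                           // text is safe once re-serialised
        }
        if (!$child instanceof DOMElement) {
            $node->removeChild($child);                         // comments, CDATA, processing instructions
            continue;
        }
        $tag = strtolower($child->tagName);
        if ($tag === 'script' || $tag === 'style') {
            $node->removeChild($child);                         // drop the element and its content
            continue;
        }
        cleanChildren($child);                                  // recurse before deciding about this node
        if (!in_array($tag, ALLOWED_TAGS, true)) {
            while ($child->firstChild !== null) {               // unwrap: keep the children, drop the element
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes, false) as $attr) {
            $safeHref = $tag === 'a' && strtolower($attr->name) === 'href'
                && preg_match('#^https?://#i', trim($attr->value)) === 1;
            if (!$safeHref) {
                $child->removeAttribute($attr->name);           // onclick, style, javascript: hrefs, ...
            }
        }
    }
}

// Round trip through the database: bound on the way in, escaped or sanitised on the way out.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE naruto (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed input: the poster's tags mixed with hostile ones.
$userInput = '<b>Bold text</b> <a href="javascript:alert(1)" onclick="steal()">Google</a>'
    . '<script>alert(document.cookie)</script><u>Underlined text</u><img src=x onerror=alert(1)>';

$ins = $dbh->prepare('INSERT INTO naruto (name) VALUES (:name)');
$ins->execute([':name' => $userInput]);                         // stored verbatim: binding is not encoding

$sel = $dbh->prepare('SELECT name FROM naruto WHERE id = :id');
$sel->bindValue(':id', 1, PDO::PARAM_INT);
$sel->execute();
$stored = (string) $sel->fetchColumn();

echo "raw (XSS):        ", $stored, "\n";                        // never emit user content this way
echo "escaped (text):   ", escapeForHtml($stored), "\n";        // the tags appear literally
echo "sanitised (html): ", sanitizeHtml($stored), "\n";         // <b>/<u> kept; script, img, onclick, javascript: gone
```

Which of the two outputs is right depends on the field: escapeForHtml() for anything that is supposed to be plain text (usernames, comments, search terms), sanitizeHtml() only for fields that are genuinely rich text. A regex or strip_tags() alone is not a substitute for the parser-based pass above, because strip_tags() keeps attributes on the tags it allows, and onclick="..." is exactly what has to go.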

How To Store Main Settings - File To Be Safe?

I have the DB password and other important information stored in settings.php. I will put settings.php outside the public directory. But what I am not sure about is that I require_once settings.php into every page (index.php, users.php, profile.php, login.php, ...). Is that safe? I was thinking that if somebody got into any single main file, he will find out where I store settings. If this file weren't included in this way, then this wouldn't happen in any file. For example, file users.php starts like this:

require_once $_SERVER['DOCUMENT_ROOT'].'/languages/lang_'.$language.'.php';

View 1 Replies

Make A Public Variable Hold Changing Session Values?

have a code structure like this

class UserSession { // class name assumed; the post shows only the members
    public static $userId;
    public static $checkUserId;
    public $chckUserId;
    function __construct() { // Constructor (PHP method names are case-insensitive, so __CONSTRUCT also works)
        self::$userId = $_SESSION["userid"]; // Assign current logged-in user's userId
    }
}

This works for holding the user session. Then I want to hold one changing session value, because I want to use it in all functions of the class; I want it to be assigned to a public variable. I assigned it and it worked, but it is not changing. What could be the problem?

View 2 Replies

Make Option To Store Data In Chinese Or Store In English?

I have two tables, one to store English and a second to store Chinese. How can I make an option to store in Chinese or store in English? For example, if someone wants to store in Chinese, then the admin should be able to see the English version to translate into Chinese and store it.

View 5 Replies

Safe To Make Use Of 5.3.0 New Functions Now?

As it depends on whether the host supports PHP 5.3, I wonder if all, or enough, hosting companies have upgraded their PHP environment to 5.3. Do you already use these new functions in your projects?

View 3 Replies

Trying To Make Characters Safe For My RSS Feed

Whenever users write a post in Microsoft Word and then post it to their weblogs using my PHP software, their RSS feed ends up being corrupted with garbage characters which violate the well-formedness of their XML and therefore cause their newsreaders to die. Code:

View 4 Replies

Make Password Storage Safe?

How much safer is this than just md5? I've just started looking into password security. I'm pretty new to PHP.

$salt = 'csdnfgksdgojnmfnb';
$password = md5($salt.$_POST['password']);
$result = mysql_query("SELECT id FROM users
WHERE username = '".mysql_real_escape_string($_POST['username'])."'
AND password = '$password'");


View 5 Replies
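The md5(salt . password) scheme above has two weaknesses that a worked comparison makes visible: the salt is one constant for the whole site, so two users with the same password get the same stored value, and md5 is fast enough that a leaked table can be brute-forced at billions of guesses per second. The following is an added example, not the poster's code: the same registration and login flow built on password_hash()/password_verify() (bcrypt, a fresh random salt per user, a tunable cost), with the password compared in PHP rather than inside the SQL. It uses an in-memory SQLite database through PDO so it runs offline; the users table, the cost of 12 and the sample accounts are constructed for the demo.

```php
<?php
declare(strict_types=1);

const BCRYPT_OPTIONS = ['cost' => 12];                          // raise over time as hardware gets faster

// Verified against when the username does not exist, so the response time does not tell an
// attacker which usernames are valid. Computed once at startup.
define('DUMMY_HASH', password_hash('not-a-real-password', PASSWORD_BCRYPT, BCRYPT_OPTIONS));

// What the post does: one site-wide salt and a single fast md5 round.
function legacyHash(string $salt, string $password): string
{
    return md5($salt . $password);
}

function registerUser(PDO $dbh, string $username, string $password): void
{
    // password_hash() draws a fresh random salt on every call and stores algorithm, cost and
    // salt inside the returned string, so there is no separate secret to keep in the source.
    $hash = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    $stmt = $dbh->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

// Returns the user id on success, null on failure. The password never appears in a query.
function authenticate(PDO $dbh, string $username, string $password): ?int
{
    $stmt = $dbh->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Always run the verify, even for an unknown user, so both paths cost about the same.
    $storedHash = $row === false ? DUMMY_HASH : $row['password_hash'];
    if (!password_verify($password, $storedHash) || $row === false) {
        return null;
    }
    // Transparent upgrade when the cost (or algorithm) has been raised since the hash was made.
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        $upd = $dbh->prepare('UPDATE users SET password_hash = :h WHERE id = :id');
        $upd->execute([
            ':h'  => password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS),
            ':id' => $row['id'],
        ]);
    }
    return (int) $row['id'];
}

// Demo on constructed data.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE, password_hash TEXT NOT NULL)');

$shared = 'correct horse battery staple';
registerUser($dbh, 'alice', $shared);
registerUser($dbh, 'bob',   $shared);                           // same password as alice

$siteSalt = 'csdnfgksdgojnmfnb';                                // the static salt from the post
$sameLegacy = legacyHash($siteSalt, $shared) === legacyHash($siteSalt, $shared);
echo "static salt: two users with the same password share one md5: ", var_export($sameLegacy, true), "\n";

$hashes = $dbh->query('SELECT password_hash FROM users ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
echo "bcrypt: their stored hashes differ:                           ", var_export($hashes[0] !== $hashes[1], true), "\n";

echo "login alice / right password:  ", var_export(authenticate($dbh, 'alice', $shared), true), "\n";
echo "login alice / wrong password:  ", var_export(authenticate($dbh, 'alice', 'Tr0ub4dor&3'), true), "\n";
echo "login nobody / any password:   ", var_export(authenticate($dbh, 'nobody', 'x'), true), "\n";
```

Note what changed in the query: the poster's SELECT matches on both username and password hash, which forces the hash to be recomputable from the input alone and therefore unsalted-per-user. Fetching the row by username and calling password_verify() on the stored hash is what allows each user to have their own salt, and it keeps the password, even hashed, out of the SQL text entirely.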

Copyrights 2005-15, All rights reserved