drui0508 2014-10-16 21:58
Views: 40
Accepted

Adding a full query to a PHP session variable?

I've never thought of doing this before, and am unsure of the risks. It's a one-time session variable for each page, replaced by the next page visited.

What's the security risk of doing something like the following? If any?

$_SESSION['somename'] = "SELECT `something` FROM `table` WHERE `something`='blah'";

Is this a safe method? If not, what's a safer method to store a one-time query that will be replaced?

It's probably safer to store queries within a temp mysql table. But I want to avoid additional mysql calls.


2 answers

  • drgbpq5930 2014-10-16 22:08

    It is not a safe way to set a variable with PHP, due to the potential of exposing table names that can potentially be DROPPED via SQL injection. Now, session variables are stored on the server and cannot be accessed by the browser. However, why introduce a bad habit that could cause someone less savvy on your dev team to use that to set a cookie? Then you have a large problem that started out being benign. It is better to just place data in your PHP session variables that acts as a user identifier.

    This answer was selected by the asker as the best answer.
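The contrast the accepted answer draws, as an added example that is not code from the question or the answer above: the first pattern parks a complete query string (with a value interpolated into it) in `$_SESSION` and later executes whatever it finds there; the second keeps the SQL text in code, stores only a whitelisted query key plus the values in the session, and binds the values with a prepared statement. It runs offline against an in-memory SQLite database with constructed sample rows; the table and column names, the query key `by_something` and the session key `pending_query` are assumptions for illustration.

```php
<?php
// Added example (not from the original post). Shows why a full SQL string in
// $_SESSION is only as safe as every code path that can write to the session,
// and a safer shape: store a query key and bound parameters instead.
declare(strict_types=1);

// Stand in for session_start() so this runs from the CLI without cookies/headers.
$_SESSION = [];

// Constructed sample data in an in-memory SQLite database (table/column names assumed).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE `table` (id INTEGER PRIMARY KEY, something TEXT)");
$pdo->exec("INSERT INTO `table` (something) VALUES ('blah'), ('other')");

// --- Pattern from the question: page 1 builds the whole query (here with a
// user-supplied value) and stores it; page 2 executes the stored string as-is.
function unsafe_store(string $userValue): void
{
    $_SESSION['somename'] = "SELECT `something` FROM `table` WHERE `something`='$userValue'";
}

function unsafe_run(PDO $pdo): array
{
    $sql = $_SESSION['somename'];
    unset($_SESSION['somename']);            // one-shot, as the question describes
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// --- Safer pattern: SQL text never enters the session. The session holds a key
// into a fixed list of queries and the values; the values are bound, not spliced.
const QUERIES = [
    'by_something' => "SELECT `something` FROM `table` WHERE `something` = :v",
];

function safe_store(string $queryKey, array $params): void
{
    if (!array_key_exists($queryKey, QUERIES)) {
        throw new InvalidArgumentException("unknown query key: $queryKey");
    }
    $_SESSION['pending_query'] = ['key' => $queryKey, 'params' => $params];
}

function safe_run(PDO $pdo): array
{
    $pending = $_SESSION['pending_query'];
    unset($_SESSION['pending_query']);       // one-shot
    $stmt = $pdo->prepare(QUERIES[$pending['key']]);
    $stmt->execute($pending['params']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Benign input: both patterns return the same single row.
unsafe_store('blah');
var_dump(unsafe_run($pdo));                  // ["blah"]
safe_store('by_something', [':v' => 'blah']);
var_dump(safe_run($pdo));                    // ["blah"]

// Hostile input: the stored string has become a different query.
$hostile = "x' OR '1'='1";
unsafe_store($hostile);
var_dump(unsafe_run($pdo));                  // ["blah", "other"]: every row, classic injection
safe_store('by_something', [':v' => $hostile]);
var_dump(safe_run($pdo));                    // []: the value is only ever data
```

The point the answer makes about cookies follows from the first pattern: once the convention is "the session carries a runnable query", any path that lets a client influence that session value (a later developer copying it to a cookie, another page writing user input into the same key, or a compromised session store) turns into direct SQL execution. In the second pattern the worst a tampered session entry can do is select one of the queries the code already contains, with its values bound as parameters.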
